[pkg-gnupg-maint] Bug#1074127: gnupg2: write_status_text_and_buffer fails to escape some non-printable characters

Baptiste Beauplat lyknode at debian.org
Sun Jun 23 14:33:16 BST 2024 

Source: gnupg2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: lyknode at debian.org

Dear maintainer,

The check for escaping characters in `write_status_text_and_buffer` is
written in  `g10/cpr.c` as:

```c
333           if (*s == '%' || *(const byte*)s <= lower_limit
334               || *(const byte*)s == 127 )
```

Except `byte` is defined as an unsigned char, with non-printable values
exceeding 127.

Therefor the check should be `>= 127` and not `== 127`.

Practically, this means that some non-printable character are currently
not correctly escaped in a status output.

The following commands illustrate the bug:

```
mkdir -p /tmp/gpg
chmod 700 /tmp/gpg
echo test > /tmp/test.txt

cat << EOF > /tmp/key.txt
     Key-Type: RSA
     Key-Length: 4096
     Subkey-Type: RSA
     Subkey-Length: 4096
     Name-Real: Test key
     Name-Comment: comment
     Name-Email: test at example.org
     Expire-Date: 0
     Passphrase: abc
     %commit
     %echo done
EOF
GNUPGHOME=/tmp/gpg gpg --batch --generate-key /tmp/key.txt

GNUPGHOME=/tmp/gpg gpg --set-notation \
  "test at example.org=This is a non-printable char [$(printf "\x8c")]" \
  --clearsign /tmp/test.txt

GNUPGHOME=/tmp/gpg gpg --status-fd 1 --with-colons \
  --verify /tmp/test.txt.asc | cat -A
```

This outputs:

```
[GNUPG:] NOTATION_DATA This%20is%20a%20non-printable%20char%20[M-^L]$
```

While with the proposed patch, it encodes correctly to:

```
[GNUPG:] NOTATION_DATA This%20is%20a%20non-printable%20char%20[%8C]$
```

Best,

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.11-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
(ignored: LC_ALL set to C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

-- 
Baptiste Beauplat

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-write_status_text_and_buffer-escaping.patch
Type: text/x-patch
Size: 1594 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20240623/1d08b618/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20240623/1d08b618/attachment.sig>

More information about the pkg-gnupg-maint mailing list