Bug#579672: libgnupg-interface-perl: User IDs must be properly unescaped to support colon and backslash (and maybe other characters)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Apr 29 18:29:41 UTC 2010
Package: libgnupg-interface-perl
Version: 0.42-3
Severity: normal
Tags: patch
User IDs with colons and backslashes (at least) are escaped in gpg
output.
GnuPG::Interface should unescape these strings, so that the invoking
perl program recieves the raw UTF-8 string. The attached patch fixes
the problem.
For example, E95707CF is an OpenPGP key identifying the https service
running on zimmermann.mayfirst.org (using the monkeysphere). It has a
User ID of "https://zimmermann.mayfirst.org" (it also has another User
ID which is a DNS alias of a common misspelling). The following two
commands show the problem:
gpg --keyserver pool.sks-keyservers.net --recv E95707CF
perl -MGnuPG::Interface -e '
foreach $k (GnuPG::Interface->new()->get_public_keys("0xE95707CF")) {
foreach $u ($k->user_ids) {
printf "%s\n", $u->as_string();
}}'
Without unescaping, the output of the second command reads:
https\x3a//zimmermann.mayfirst.org
https\x3a//zimmerman.mayfirst.org
but it should read:
https://zimmermann.mayfirst.org
https://zimmerman.mayfirst.org
The attached patch handles the unescaping cleanly.
Thanks,
--dkg
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-4-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libgnupg-interface-perl depends on:
ii gnupg 1.4.10-2 GNU privacy guard - a free PGP rep
ii gnupg2 2.0.14-1 GNU privacy guard - a free PGP rep
ii libany-moose-perl 0.12-1 module to use either Moose or Mous
ii perl 5.10.1-12 Larry Wall's Practical Extraction
libgnupg-interface-perl recommends no packages.
libgnupg-interface-perl suggests no packages.
-- no debconf information
-------------- next part --------------
--- a/lib/GnuPG/Interface.pm
+++ b/lib/GnuPG/Interface.pm
@@ -335,6 +335,11 @@
}
+sub unescape_string {
+ my($str) = splice(@_);
+ $str =~ s/\\x(..)/chr(hex($1))/eg;
+ return $str;
+}
###################################################################
@@ -451,7 +456,7 @@
$current_signed_item = GnuPG::UserId->new(
validity => $user_id_validity,
- as_string => $user_id_string,
+ as_string => unescape_string($user_id_string),
);
$current_key->push_user_ids($current_signed_item);
@@ -472,7 +477,7 @@
algo_num => $algo_num,
hex_id => $hex_key_id,
date_string => $signature_date_string,
- user_id_string => $user_id_string,
+ user_id_string => unescape_string($user_id_string),
);
if ( $current_signed_item->isa('GnuPG::UserId') ) {
@@ -490,7 +495,7 @@
$current_signed_item = GnuPG::UserId->new(
validity => $validity,
- as_string => $user_id_string,
+ as_string => unescape_string($user_id_string),
);
$current_key->push_user_ids($current_signed_item);
More information about the pkg-perl-maintainers
mailing list