Bug#579672: User IDs must be properly unescaped to support colon and backslash (and maybe other characters)

Salvatore Bonaccorso salvatore.bonaccorso at gmail.com
Fri Apr 30 11:50:54 UTC 2010 

Hi

I'm forwarding this Request from Daniel Kahn Gillmor to you. He is
reporting the issue below to the Debian Bugtracker for the
GnuPG-Interface Module packaged. 

 [1] http://bugs.debian.org/579672

See his message below,
Thank you for considering
Bests
Salvatore

----- Forwarded message from Daniel Kahn Gillmor <dkg at fifthhorseman.net> -----

From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Resent-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Reply-To: Daniel Kahn Gillmor <dkg at fifthhorseman.net>,
	579672 at bugs.debian.org
X-Mailer: reportbug 4.11
Date: Thu, 29 Apr 2010 14:29:41 -0400
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: Bug#579672: libgnupg-interface-perl: User IDs must be properly
	unescaped to support colon and backslash (and maybe other characters)

Package: libgnupg-interface-perl
Version: 0.42-3
Severity: normal
Tags: patch

User IDs with colons and backslashes (at least) are escaped in gpg
output.

GnuPG::Interface should unescape these strings, so that the invoking
perl program recieves the raw UTF-8 string.  The attached patch fixes
the problem.

For example, E95707CF is an OpenPGP key identifying the https service
running on zimmermann.mayfirst.org (using the monkeysphere).  It has a
User ID of "https://zimmermann.mayfirst.org" (it also has another User
ID which is a DNS alias of a common misspelling).  The following two
commands show the problem:

gpg --keyserver pool.sks-keyservers.net --recv E95707CF

perl -MGnuPG::Interface -e '
 foreach $k (GnuPG::Interface->new()->get_public_keys("0xE95707CF")) {
   foreach $u ($k->user_ids) {
    printf "%s\n", $u->as_string();
}}'

Without unescaping, the output of the second command reads:

https\x3a//zimmermann.mayfirst.org
https\x3a//zimmerman.mayfirst.org

but it should read:

https://zimmermann.mayfirst.org
https://zimmerman.mayfirst.org

The attached patch handles the unescaping cleanly.

Thanks,

        --dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-4-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgnupg-interface-perl depends on:
ii  gnupg                         1.4.10-2   GNU privacy guard - a free PGP rep
ii  gnupg2                        2.0.14-1   GNU privacy guard - a free PGP rep
ii  libany-moose-perl             0.12-1     module to use either Moose or Mous
ii  perl                          5.10.1-12  Larry Wall's Practical Extraction 

libgnupg-interface-perl recommends no packages.

libgnupg-interface-perl suggests no packages.

-- no debconf information

--- a/lib/GnuPG/Interface.pm
+++ b/lib/GnuPG/Interface.pm
@@ -335,6 +335,11 @@
 }
 
 
+sub unescape_string {
+  my($str) = splice(@_);
+  $str =~ s/\\x(..)/chr(hex($1))/eg;
+  return $str;
+}
 
 ###################################################################
 
@@ -451,7 +456,7 @@
 
             $current_signed_item = GnuPG::UserId->new(
                 validity  => $user_id_validity,
-                as_string => $user_id_string,
+                as_string => unescape_string($user_id_string),
             );
 
             $current_key->push_user_ids($current_signed_item);
@@ -472,7 +477,7 @@
                 algo_num       => $algo_num,
                 hex_id         => $hex_key_id,
                 date_string    => $signature_date_string,
-                user_id_string => $user_id_string,
+                user_id_string => unescape_string($user_id_string),
             );
 
             if ( $current_signed_item->isa('GnuPG::UserId') ) {
@@ -490,7 +495,7 @@
 
             $current_signed_item = GnuPG::UserId->new(
                 validity  => $validity,
-                as_string => $user_id_string,
+                as_string => unescape_string($user_id_string),
             );
 
             $current_key->push_user_ids($current_signed_item);

_______________________________________________
pkg-perl-maintainers mailing list
pkg-perl-maintainers at lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-perl-maintainers

----- End forwarded message -----

-- 
  .-.
  oo|  Debian GNU/Linux -- The power of freedom ---------------------- 
 /`'\  GPG key ID: 0x7FD863FE        http://arda.homelinux.org/~salvi/
(\_;/) Fingerprint: 04A4 407C B914 2C23 030C  17AE 789D 6F05 7FD8 63FE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20100430/768310e6/attachment-0001.pgp>

More information about the pkg-perl-maintainers mailing list