Bug#806569: libgnupg-interface-perl: Breaks devotee
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 29 07:57:47 UTC 2015
Hi Kurt,
On Sun, Nov 29, 2015 at 01:47:34AM +0100, Kurt Roeckx wrote:
> Package: libgnupg-interface-perl
> Version: 0.50-3
>
> Hi,
>
> A change between 0.45 and 0.50 seems to have broken devotee. As a
> result I now get:
> gpg: can't open `--verify'
> gpg: verify signatures failed: file open error
>
>
> In /usr/share/perl5/GnuPG/Interface.pm there is:
> my @command_args
> = ref $args{command_args}
> ? @{ $args{command_args} }
> : ( $args{command_args} || () );
> unshift @command_args, "--"
> if @command_args and $command_args[0] ne "--";
>
> Where the last 2 lines have been added. That unshift doesn't seem
> to make sense to me.
This change is to separate positional arguments from the commands in
gpg. I suspect that devotee confuses the use of command_args:
----cut---------cut---------cut---------cut---------cut---------cut-----
[...]
OBJECT METHODS
Initialization Methods
new( %initialization_args )
This methods creates a new object. The optional arguments are
initialization of data members.
hash_init( %args ).
Object Methods which use a GnuPG::Handles Object
list_public_keys( % )
list_sigs( % )
list_secret_keys( % )
encrypt( % )
encrypt_symmetrically( % )
sign( % )
clearsign( % )
detach_sign( % )
sign_and_encrypt( % )
decrypt( % )
verify( % )
import_keys( % )
export_keys( % )
recv_keys( % )
send_keys( % )
search_keys( % )
These methods each correspond directly to or are very similar to a
GnuPG command described in gpg. Each of these methods takes a
hash, which currently must contain a key of handles which has the
value of a GnuPG::Handles object. Another optional key is
command_args which should have the value of an array reference;
these arguments will be passed to GnuPG as command arguments.
These command arguments are used for such things as determining the
keys to list in the export_keys method. Please note that GnuPG
command arguments are not the same as GnuPG options. To understand
what are options and what are command arguments please read
"COMMANDS" in gpg and "OPTIONS" in gpg.
----cut---------cut---------cut---------cut---------cut---------cut-----
Take the following example to show that, which uses commands_args in
similar way as devotee:
----cut---------cut---------cut---------cut---------cut---------cut-----
#!/usr/bin/perl
use strict;
use warnings;
use autodie;
use GnuPG::Interface;
my $gnupg = GnuPG::Interface->new();
# how we create some handles to interact with GnuPG
my $input = IO::Handle->new();
my $output = IO::Handle->new();
my $handles = GnuPG::Handles->new(
stdin => $input,
stdout => $output
);
my $pid = $gnupg->verify(
handles => $handles,
command_args => [ '--verify', '/tmp/test.asc', ],
);
----cut---------cut---------cut---------cut---------cut---------cut-----
devotee indeed seems to use that this way loke in the above example, in dvt-gpg:
98 sub invoke_gpg {
99 my %params = @_;
100 my $cmd_ref = $params{'Command Args'};
101 my $args_ref = $params{'GnuPG Args'};
102 my $action = $params{'GnuPG Cmd'};
[...]
132 if ($action =~ m/Verify/i) {
133 $pid = $gnupg->verify( handles => $handles,
134 command_args => $cmd_ref);
[...]
284 my $command_args;
285
286 if (-r "$bodydir/$msg_sig") {
287 $command_args = [ "--verify",
288 "$bodydir/$msg_sig",
289 "$bodydir/$msg",
290 ];
291 } else {
292 $command_args = [ "--verify", "$bodydir/$msg"];
295 my ( $stdout, $stderr, $status ) = ("", "", "");
296 ($stdout, $stderr, $status) =
297 invoke_gpg(
298 'Configuration' => $dvt,
299 'GnuPG Args' => \@gpg_args,
300 'GnuPG Cmd' => 'Verify',
301 'Command Args' => $command_args
[...]
So note here you already set 'GnuPG Cmd' to 'Verify'. But the command_args
include '--verify'.
What now happens is:
execve("/usr/bin/gpg", ["gpg", "--verify", "--", "--verify", "/tmp/test.asc"], [/* 37 vars */]) = 0
The above example should thus simply read:
----cut---------cut---------cut---------cut---------cut---------cut-----
#!/usr/bin/perl
use strict;
use warnings;
use autodie;
use GnuPG::Interface;
my $gnupg = GnuPG::Interface->new();
# how we create some handles to interact with GnuPG
my $input = IO::Handle->new();
my $output = IO::Handle->new();
my $handles = GnuPG::Handles->new(
stdin => $input,
stdout => $output
);
my $pid = $gnupg->verify(
handles => $handles,
command_args => [ '/tmp/test.asc', ],
);
----cut---------cut---------cut---------cut---------cut---------cut-----
which correctly results in
execve("/usr/bin/gpg", ["gpg", "--verify", "--", "/tmp/test.asc"], [/* 37 vars */]) = 0
Does this helps you? devotee should just set action to verify, and
command_args not contain '--verify', which should solve then the
problem with devotee (untested if some similar other problems might be
present).
The change was introduced in 0.46 upstream, and potentially prevents
possible "argument injections", and properly separate the GnuPG
options and GnuPG command arguments.
Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20151129/eaf8c34e/attachment.sig>
More information about the pkg-perl-maintainers
mailing list