Bug#496663: gpg-agent: missing data conversion makes gpg-preset-passphrase unusable

Tue, 26 Aug 2008 08:38:41 -0700 

Package: gnupg-agent
Version: 2.0.9-3
Severity: important
Tags: patch

Since 2006-07-29 (svn revision number 4209) gpg-preset-passphrase sends
passphrase to gpg-agent as a hex string. However the receiver side did
not follow this change. Therefore command gpg-preset-passphrase of
package gnupg2 became totally unusable. (Check Google for complaining
crowds. :-)

This patch against agent/command.c allows gpg-agent daemon to decode
hexstring passphrase and to put them in the cache as needed.

Gabor

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.20-1-686 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnupg-agent depends on:
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libgcrypt11                   1.4.1-1    LGPL Crypto library - runtime libr
ii  libgpg-error0                 1.4-2      library for common error values an
ii  libpth20                      2.0.7-10   The GNU Portable Threads
ii  libreadline5                  5.2-3      GNU readline and history libraries
ii  pinentry-gtk2 [pinentry]      0.7.5-2    GTK+-2-based PIN or pass-phrase en

Versions of packages gnupg-agent recommends:
ii  gnupg                         1.4.9-3    GNU privacy guard - a free PGP rep
ii  gnupg2                        2.0.9-3    GNU privacy guard - a free PGP rep

gnupg-agent suggests no packages.

-- no debconf information

--- command.c-orig	2008-03-17 14:35:15.000000000 +0100
+++ command.c	2008-08-26 16:54:20.102824581 +0200
@@ -263,6 +263,28 @@
   return 0;
 }
 
+/* Convert (in place) an already parsed hexstring of
+ * 'len' digits to native bytes. */
+#define fromhex(h) ( (h)<='9' ? (h)-'0' : ((h)|0x20)-'a'+10 )
+static char *
+decode_hexstring (char *string, int len)
+{
+  unsigned char *from, *to;
+
+  for (from=to=(unsigned char*)string; len>0; to++)
+    {
+      unsigned char value;
+      value = fromhex(*from);
+      from++;
+      value <<=  4;
+      value |= fromhex(*from);
+      from++;
+      *to = value;
+      len -= 2;
+    }
+  return string;
+}
+
 /* Parse the keygrip in STRING into the provided buffer BUF.  BUF must
    provide space for 20 bytes. BUF is not changed if the function
    returns an error. */
@@ -1135,7 +1157,10 @@
   /* If there is a passphrase, use it.  Currently, a passphrase is
      required.  */
   if (*line)
-    passphrase = line;
+    {
+      passphrase = decode_hexstring(line, len);
+      passphrase[len/2] = '\0';
+    }
   else
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);

Reply via email to