Bug#736629: UnicodeDecodeError: 'utf8' codec can't decode byte 0xf6

2016-09-01 Thread Antoine Beaupré 
Control: tags -1 +pending

I have made a patch that keeps Monkeysign from just crashing on those
keys. The right way to do this, of course, is to simply refuse signing
that keyid, but that's a harder fix that will have to wait.

The attached patch was applied to the 2.x branch, and should fix the bug
here.

A.

-- 
The value of a college education is not the learning of many facts but
the training of the mind to think.
   - Albert Einstein

>From 76186ba6f1ebf3c58f699aecd29cbb648205d4e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= 
Date: Thu, 1 Sep 2016 14:02:58 -0400
Subject: [PATCH] handle improperly encoded UIDs (Closes: #736629)

---
 monkeysign/gpg.py |  2 +-
 tests/test_gpg.py | 14 ++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/monkeysign/gpg.py b/monkeysign/gpg.py
index 56d21a1..2c10fe9 100644
--- a/monkeysign/gpg.py
+++ b/monkeysign/gpg.py
@@ -735,7 +735,7 @@ def __str__(self):
 ret += u'Fingerprint = ' + self.format_fpr() + "\n"
 i = 1
 for uid in self.uidslist:
-ret += u"uid %d  [%s] %s\n" % (i, uid.get_trust(), uid.uid.decode('utf-8'))
+ret += u"uid %d  [%s] %s\n" % (i, uid.get_trust(), uid.uid.decode('utf-8', 'replace'))
 i += 1
 for subkey in self.subkeys.values():
 ret += u"sub   " + subkey.length + u"R/" + subkey.keyid(8) + u" " + subkey.creation
diff --git a/tests/test_gpg.py b/tests/test_gpg.py
index 39fef0c..2aa76a0 100755
--- a/tests/test_gpg.py
+++ b/tests/test_gpg.py
@@ -342,6 +342,20 @@ def test_wrongly_place_sigs(self):
 self.gpg.context.call_command(['list-sigs', '6D866396'])
 self.assertRegexpMatches(self.gpg.context.stdout, 'sig:::1:86E4E70A96F47C6A:[^:]*Second Test Key :10x:')
 
+def test_broken_encoding(self):
+"""test some key that has a non-standard encoding
+
+RFC4880 specifies that UIDs should be UTF-8, but someone this
+one isn't.
+
+see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736629
+"""
+self.assertTrue(self.gpg.import_data(open(os.path.dirname(__file__) +
+  '/ECAA37C45C7E48CE.asc').read()))
+key = self.gpg.get_keys('095D9EC8C995AB203DC260FEECAA37C45C7E48CE')
+foo = key['095D9EC8C995AB203DC260FEECAA37C45C7E48CE'].__str__().encode('utf-8')
+
+
 class TestOpenPGPkey(unittest.TestCase):
 def setUp(self):
 self.key = OpenPGPkey("""tru::1:1343350431:0:3:1:5
-- 
2.1.4

Bug#736629: UnicodeDecodeError: 'utf8' codec can't decode byte 0xf6

2016-09-01 Thread anarcat 
Control: severity -1 minor
Control: found -1 2.0.2

It looks like Dennis' key has an invalid encoding, even in gpg:


$ gpg --search-keys allsp...@planetcyborg.de
gpg: recherche de « allsp...@planetcyborg.de » sur le serveur hkp 
pool.sks-keyservers.net
(1) Dennis Boerm 
  2048 bit RSA key 287992D55C7E48CE, créé : 2014-06-16 (révoquée)
(2) Dennis Börm 
Dennis Börm 
Dennis Börm 
Dennis Börm 
Dennis Börm 
  4096 bit RSA key DF87C73A6F432148, créé : 2014-04-25
(3) Dennis Boerm 
Dennis Boerm 
Dennis B\xf6\x72m 
Dennis Börm 
Dennis Boerm 
Dennis Boerm 
Dennis Boerm 
Dennis Börm 
Dennis Boerm 
  2048 bit RSA key ECAA37C45C7E48CE, créé : 2009-09-15
Keys 1-3 of 3 for "allsp...@planetcyborg.de".  Entrez le ou les nombres, 
(S)uivant, ou (Q)uitter > 

I am not sure what we should do with this - an exception certainly isn't
great, but how do you certify corrupt data anyways?

A.


signature.asc
Description: Digital signature

Bug#736629: UnicodeDecodeError: 'utf8' codec can't decode byte 0xf6

2014-10-20 Thread Antoine Beaupré 
On 2014-01-25 12:21:20, Andreas Rütten wrote:
 While trying to sign the following key:

 pub  2048R/5C7E48CE 2009-09-15
Fingerprint=095D 9EC8 C995 AB20 3DC2  60FE ECAA 37C4 5C7E 48CE 


 I run into this traceback:

 Traceback (most recent call last):
   File /usr/bin/monkeysign, line 41, in module
 u.main()
   File /usr/lib/python2.7/dist-packages/monkeysign/cli.py, line 69,
 in main self.sign_key()
   File /usr/lib/python2.7/dist-packages/monkeysign/ui.py, line 279,
 in sign_key ) % keys[key], False)
   File /usr/lib/python2.7/dist-packages/monkeysign/gpg.py, line 701,
 in __str__ ret += uuid %d  [%s] %s\n % (i, uid.get_trust(),
 uid.uid.decode('utf-8')) File /usr/lib/python2.7/encodings/utf_8.py,
 line 16, in decode return codecs.utf_8_decode(input, errors, True)
 UnicodeDecodeError: 'utf8' codec can't decode byte 0xf6 in position 8:
 invalid start byte

I don't have high hopes, but could you try this again with the version
in sid or in git (2.0+)?

git://git.monkeysphere.info/monkeysign

Thanks,

A.

-- 
I'm sorry if any of you are catholic. I'm not sorry if you're
offended, I'm actually just sorry by the fact that you're catholic
 - Bill Hicks


pgpkZd2QoKpjK.pgp
Description: PGP signature

Bug#736629: UnicodeDecodeError: 'utf8' codec can't decode byte 0xf6

2014-01-25 Thread Andreas Rütten 

Package: monkeysign
Version: 1.1
Severity: normal

While trying to sign the following key:

pub  2048R/5C7E48CE 2009-09-15
 Fingerprint=095D 9EC8 C995 AB20 3DC2  60FE ECAA 37C4 5C7E 48CE 


I run into this traceback:

Traceback (most recent call last):
  File /usr/bin/monkeysign, line 41, in module
u.main()
  File /usr/lib/python2.7/dist-packages/monkeysign/cli.py, line 69,
in main self.sign_key()
  File /usr/lib/python2.7/dist-packages/monkeysign/ui.py, line 279,
in sign_key ) % keys[key], False)
  File /usr/lib/python2.7/dist-packages/monkeysign/gpg.py, line 701,
in __str__ ret += uuid %d  [%s] %s\n % (i, uid.get_trust(),
uid.uid.decode('utf-8')) File /usr/lib/python2.7/encodings/utf_8.py,
line 16, in decode return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xf6 in position 8:
invalid start byte



-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages monkeysign depends on:
ii  gnupg 1.4.16-1
ii  python2.7.5-5
ii  python-pkg-resources  2.0.2-1

Versions of packages monkeysign recommends:
ii  python-gtk2   2.24.0-3+b1
ii  python-qrencode   1.01-3
ii  python-zbar   0.10+doc-9+b1
ii  python-zbarpygtk  0.10+doc-9+b1

monkeysign suggests no packages.

-- no debconf information



Cheers,
Andreas

-- 
Andreas Rütten   mailto:andreasruet...@gmx.de
   xmpp:andreasruet...@gmx.de
  irc://irc.oftc.net/aruetten

4096R: 0x6C9DFFB2 / 8394 99DA 59BD BCE2 3FC8 3A9E 6633 0089 6C9D FFB2


signature.asc
Description: PGP signature