Bug#824901: [pkg-gnupg-maint] Bug#824901: gnupg: gpg segfaults

2016-05-22 Thread Christoph Egger
Werner Koch writes:
> On Sat, 21 May 2016 19:48, christ...@christoph-egger.org said:
>> % gdb --args gpg --debug-all --list-sigs 0x3B78A32D98BAD5B0
>
>> Program received signal SIGSEGV, Segmentation fault.
>> _gcry_log_printmpi (text=text@entry=0x55606606 "pkey[0]", 
>> mpi=0x3e67726f2e) at ../../src/misc.c:337
>
> According to this it seems to bail out at 
>
>  (mpi && (mpi->flags & 4))
>
> but optimization may have given us a wrong line number
>
>> (gdb) bt full
>
> Can you try a 
>
>   p mpi

(gdb) p mpi
$1 = (gcry_mpi_t) 0x3e67726f2e

> and send me your copy of the key 0x3B78A32D98BAD5B0 by PM because I
> can't replicate it with the copy taken from a keyserver (or if possible
> the entire keyring).  I would also suggest to run valgrind.

==5511== Invalid read of size 1
==5511==at 0x5568484: _gcry_log_printmpi (in 
/lib/x86_64-linux-gnu/libgcrypt.so.20.1.0)
==5511==by 0x1393C6: encode_md_value (in /usr/bin/gpg)
==5511==by 0x14FCD5: check_signature_end_simple (in /usr/bin/gpg)
==5511==by 0x1508BE: check_signature_over_key_or_uid (in /usr/bin/gpg)
==5511==by 0x150FE1: check_key_signature2 (in /usr/bin/gpg)
==5511==by 0x151084: check_key_signature (in /usr/bin/gpg)
==5511==by 0x138B91: keyring_rebuild_cache (in /usr/bin/gpg)
==5511==by 0x1355BB: keydb_rebuild_caches (in /usr/bin/gpg)
==5511==by 0x182B4E: validate_keys (in /usr/bin/gpg)
==5511==by 0x155897: public_key_list (in /usr/bin/gpg)
==5511==by 0x119858: main (in /usr/bin/gpg)
==5511==  Address 0x3e67726f3a is not stack'd, malloc'd or (recently) free'd
==5511== 

gpg: signal Segmentation fault caught ... exiting
==5511== 
==5511== Process terminating with default action of signal 11 (SIGSEGV)
==5511==at 0x5F0D478: raise (in /lib/x86_64-linux-gnu/libc-2.22.so)
==5511==by 0x5F0D4FF: ??? (in /lib/x86_64-linux-gnu/libc-2.22.so)
==5511==by 0x5568483: _gcry_log_printmpi (in 
/lib/x86_64-linux-gnu/libgcrypt.so.20.1.0)
==5511==by 0x1393C6: encode_md_value (in /usr/bin/gpg)
==5511==by 0x14FCD5: check_signature_end_simple (in /usr/bin/gpg)
==5511==by 0x1508BE: check_signature_over_key_or_uid (in /usr/bin/gpg)
==5511==by 0x150FE1: check_key_signature2 (in /usr/bin/gpg)
==5511==by 0x151084: check_key_signature (in /usr/bin/gpg)
==5511==by 0x138B91: keyring_rebuild_cache (in /usr/bin/gpg)
==5511==by 0x1355BB: keydb_rebuild_caches (in /usr/bin/gpg)
==5511==by 0x182B4E: validate_keys (in /usr/bin/gpg)
==5511==by 0x155897: public_key_list (in /usr/bin/gpg)
==5511== 
==5511== HEAP SUMMARY:
==5511== in use at exit: 1,955,713 bytes in 38,345 blocks
==5511==   total heap usage: 545,770 allocs, 507,425 frees, 255,247,453 bytes 
allocated
==5511== 
==5511== LEAK SUMMARY:
==5511==definitely lost: 1,792 bytes in 19 blocks
==5511==indirectly lost: 4,112 bytes in 70 blocks
==5511==  possibly lost: 48 bytes in 2 blocks
==5511==still reachable: 1,949,761 bytes in 38,254 blocks
==5511== suppressed: 0 bytes in 0 blocks
==5511== Rerun with --leak-check=full to see details of leaked memory
==5511== 
==5511== For counts of detected and suppressed errors, rerun with: -v
==5511== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

-- 
9FED 5C6C E206 B70A 5857  70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer



Bug#824901: [pkg-gnupg-maint] Bug#824901: gnupg: gpg segfaults

2016-05-22 Thread Werner Koch
On Sat, 21 May 2016 19:48, christ...@christoph-egger.org said:
> % gdb --args gpg --debug-all --list-sigs 0x3B78A32D98BAD5B0

> Program received signal SIGSEGV, Segmentation fault.
> _gcry_log_printmpi (text=text@entry=0x55606606 "pkey[0]", 
> mpi=0x3e67726f2e) at ../../src/misc.c:337

According to this it seems to bail out at 

 (mpi && (mpi->flags & 4))

but optimization may have given us a wrong line number

> (gdb) bt full

Can you try a 

  p mpi

and send me your copy of the key 0x3B78A32D98BAD5B0 by PM because I
can't replicate it with the copy taken from a keyserver (or if possible
the entire keyring).  I would also suggest to run valgrind.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
/* EFH in Erkrath: https://alt-hochdahl.de/haus */



Bug#824901: [pkg-gnupg-maint] Bug#824901: gnupg: gpg segfaults

2016-05-21 Thread Christoph Egger
Hi!

Werner Koch writes:
> however, we don't have debug symbols for Libgcrypt.  I'd suggest to try
> this patch for debugging:

Actually unstable-debug has. Anyway (can give full log if that's needed
as well)

> diff --git a/g10/seskey.c b/g10/seskey.c
> index c41a145..d0e6b6f 100644
> --- a/g10/seskey.c
> +++ b/g10/seskey.c
> @@ -347,6 +347,9 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int 
> hash_algo)
>  return NULL;
>if ( gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, asn, ) )
>  BUG();
> +  log_debug ("%s: hash_algo=%d pk=%p\n", __func__, hash_algo, pk);
> +  log_debug ("%s: pk->pkey[0]=%p\n", __func__, pk->pkey[0]);
> +  gcry_log_debugmpi ("pkey[0]", pk->pkey[0]);
>frame = do_encode_md (md, hash_algo, gcry_md_get_algo_dlen (hash_algo),
>  gcry_mpi_get_nbits (pk->pkey[0]), asn, asnlen);
>xfree (asn);

% gdb --args gpg --debug-all --list-sigs 0x3B78A32D98BAD5B0
[...]
gpg: DBG: keydb_search   0: LONG_KID: '28AD32B218CCB8FE'
gpg: DBG: keydb: kid_not_found_p (28ad32b218ccb8fe) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '28AD32B218CCB8FE'
gpg: DBG: keydb: kid_not_found_p (28ad32b218ccb8fe) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '0C70557B5A06513E'
gpg: DBG: keydb: kid_not_found_p (0c70557b5a06513e) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '0C70557B5A06513E'
gpg: DBG: keydb: kid_not_found_p (0c70557b5a06513e) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '0C70557B5A06513E'
gpg: DBG: keydb: kid_not_found_p (0c70557b5a06513e) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '104B1AF0BFFB'
gpg: DBG: keydb: kid_not_found_p (104b1af0bffb) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '104B1AF0BFFB'
gpg: DBG: keydb: kid_not_found_p (104b1af0bffb) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '104B1AF0BFFB'
gpg: DBG: keydb: kid_not_found_p (104b1af0bffb) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '3966A24BEC4D79E7'
gpg: DBG: keydb: kid_not_found_p (3966a24bec4d79e7) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '957952D7CF3401A9'
gpg: DBG: keydb: kid_not_found_p (957952d7cf3401a9) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '957952D7CF3401A9'
gpg: DBG: keydb: kid_not_found_p (957952d7cf3401a9) => not in DB
gpg: DBG: [not enabled in the source] keydb_search leave (not found, cached)
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search   0: LONG_KID: '957952D7CF3401A9'
gpg: DBG: keydb: kid_not_found_p (957952d7cf3401a9) => not in DB
gpg: DBG: [not 

Bug#824901: [pkg-gnupg-maint] Bug#824901: gnupg: gpg segfaults

2016-05-21 Thread Werner Koch
On Sat, 21 May 2016 04:56, christ...@christoph-egger.org said:

>   GPG seems to reproducibly segfault on the command below (at least on
> my box). I had a segfault on gpg --import earlier as well but couldn't

I can't replicate that here.  The culprit seems to be either
  gcry_md_get_algo_dlen (hash_algo)
or
  gcry_mpi_get_nbits (pk->pkey[0]), asn, asnlen);

however, we don't have debug symbols for Libgcrypt.  I'd suggest to try
this patch for debugging:

diff --git a/g10/seskey.c b/g10/seskey.c
index c41a145..d0e6b6f 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -347,6 +347,9 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int 
hash_algo)
 return NULL;
   if ( gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, asn, ) )
 BUG();
+  log_debug ("%s: hash_algo=%d pk=%p\n", __func__, hash_algo, pk);
+  log_debug ("%s: pk->pkey[0]=%p\n", __func__, pk->pkey[0]);
+  gcry_log_debugmpi ("pkey[0]", pk->pkey[0]);
   frame = do_encode_md (md, hash_algo, gcry_md_get_algo_dlen (hash_algo),
 gcry_mpi_get_nbits (pk->pkey[0]), asn, asnlen);
   xfree (asn);
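Review bot: the third added line, `gcry_log_debugmpi ("pkey[0]", pk->pkey[0]);`, dereferences the same MPI that the suspect `gcry_mpi_get_nbits (pk->pkey[0])` call reads, so if `pk->pkey[0]` is a corrupted pointer the fault merely moves one line earlier into libgcrypt's MPI printer and the new line produces nothing; the `%p` log_debug just before it is the output that will actually survive, so keep the two calls in that order. The message names `gcry_md_get_algo_dlen (hash_algo)` as the other candidate, yet the patch logs nothing for it; adding a separate `log_debug` of its return value before the `do_encode_md` call would let one run distinguish the two.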
Modified   g10/tofu.c




Salam-Shalom,

   Werner



Bug#824901: gnupg: gpg segfaults

2016-05-20 Thread Christoph Egger
Package: gnupg
Version: 2.1.12-1
Severity: normal

Hi!

  GPG seems to reproducibly segfault on the command below (at least on
my box). I had a segfault on gpg --import earlier as well but couldn't
reproduce after installing debug symbols

  Christoph

% gdb --args gpg --list-sigs 0x3B78A32D98BAD5B0
GNU gdb (Debian 7.10-1+b1) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from gpg...Reading symbols from 
/usr/lib/debug/.build-id/92/0adf736962a3750c4bc48c0f1a09d3f393af8b.debug...done.
done.
(gdb) run
Starting program: /usr/bin/gpg --list-sigs 0x3B78A32D98BAD5B0
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
gpg: checking the trustdb
gpg: removing stale lockfile (created by 17287)

Program received signal SIGSEGV, Segmentation fault.
0x774684b5 in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20
(gdb) bt full
#0  0x774684b5 in ?? () from /lib/x86_64-linux-gnu/libgcrypt.so.20
No symbol table info available.
#1  0x5558532f in encode_md_value (pk=pk@entry=0x558f5b00, 
md=md@entry=0x55d5e320, hash_algo=8) at ../../g10/seskey.c:350
rc = 
asn = 0x55ac69e0 "010\r\006\t`\206H\001e\003\004\002\001\005"
asnlen = 19
frame = 
mdlen = 
__FUNCTION__ = "encode_md_value"
#2  0x5559bc26 in check_signature_end_simple (pk=0x558f5b00, 
sig=0x55ad3790, digest=0x55d5e320)
at ../../g10/sig-check.c:461
result = 
rc = 
digest = 0x55d5e320
sig = 0x55ad3790
pk = 0x558f5b00
weak = 
#3  0x5559c80f in check_signature_over_key_or_uid 
(signer=0x558f5b00, sig=sig@entry=0x55ad3790, 
kb=kb@entry=0x55d0fcb0, packet=packet@entry=0x55ba6960, 
is_selfsig=is_selfsig@entry=0x0, ret_pk=ret_pk@entry=0x0)
at ../../g10/sig-check.c:892
rc = 
pripk = 0x55929760
md = 0x55d5e320
signer_alloced = 0
__FUNCTION__ = "check_signature_over_key_or_uid"
#4  0x5559cf32 in check_key_signature2 (root=0x55d0fcb0, 
node=node@entry=0x55898b80, check_pk=check_pk@entry=0x0, 
ret_pk=ret_pk@entry=0x0, is_selfsig=is_selfsig@entry=0x0, 
r_expiredate=r_expiredate@entry=0x0, r_expired=0x0)
at ../../g10/sig-check.c:1075
unode = 
pk = 0x55929760
sig = 0x55ad3790
algo = 
rc = 
__FUNCTION__ = "check_key_signature2"
#5  0x5559cfd5 in check_key_signature (root=, 
node=node@entry=0x55898b80, is_selfsig=is_selfsig@entry=0x0)
at ../../g10/sig-check.c:686
No locals.
#6  0x55584b32 in keyring_rebuild_cache (token=, 
noisy=noisy@entry=0) at ../../g10/keyring.c:1554
sig = 
hd = 0x5584d1c0
desc = {mode = KEYDB_SEARCH_MODE_NEXT, skipfnc = 0x0, skipfncvalue = 
0x0, sn = 0x0, snlen = 0, u = {name = 0x0, 
fpr = '\000' , kid = {0, 0}, grip = '\000' 
}, exact = 0}
keyblock = 0x55d0fcb0
node = 0x55898b80
lastresname = 0x55844f30 "/home/christoph/.gnupg/pubring.gpg"
tmpfp = 0x5584f470
tmpfilename = 0x5584f440 "/home/christoph/.gnupg/pubring.gpg.tmp"
bakfilename = 0x5584f560 "/home/christoph/.gnupg/pubring.gpg~"
rc = 
count = 19
sigcount = 19500
#7  0x5558155c in keydb_rebuild_caches (noisy=noisy@entry=0) at 
../../g10/keydb.c:1775
i = 0
rc = 
#8  0x555cea9f in validate_keys (interactive=interactive@entry=0) at 
../../g10/trustdb.c:1904
rc = 0
quit = 0
klist = 0x0
k = 
keys = 0x0
kar = 
kdb = 0x0
node = 
depth = 
ot_unknown = 
ot_undefined = 
ot_never = 
ot_marginal = 
ot_full = 
ot_ultimate = 
start_time = 
next_expire = 0
#9  0x555d0812 in tdb_check_trustdb_stale () at ../../g10/trustdb.c:971
scheduled = 
did_nextcheck = 1
#10 0x555ccdc5 in check_trustdb_stale () at ../../g10/trust.c:280
No locals.
#11 0x555a17e8 in public_key_list (ctrl=0x55844e50, 
list=0x55844eb0, locate_mode=0) at ../../g10/keylist.c:133
No locals.
#12 0x555657f9 in main (argc=0, argv=0x7fffdb90) at