bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs wit

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs wit

From:	Daniel Kahn Gillmor
Subject:	bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address
Date:	Fri, 18 Jan 2019 03:18:48 -0500

Attached is an OpenPGP certificate (dkg@aclu.org.key) which has three
User IDs, one of which is "dkg@aclu.org" but another has no e-mail
address at all (it's just "Daniel Kahn Gillmor").

From a new, empty user account, i did the following:

    gpg --batch --import < dkg@aclu.org.key

Then, in a new emacs window, in *scratch*, i ran the following:

    (require 'mml)
    (mml-secure-find-usable-keys (epg-make-context 'OpenPGP) "<dkg@aclu.org>" 
'encrypt)

it crashes with the following backtrace:

Debugger entered--Lisp error: (wrong-type-argument char-or-string-p nil)
  mml-secure-check-user-id(#s(epg-key :owner-trust ultimate :sub-key-list 
(#s(epg-sub-key :validity ultimate :capability (sign certify) :secret-p nil 
:algorithm 1 :length 3072 :id "138F5AB68615C560" :creation-time (23350 . 32581) 
:expiration-time (24312 . 58949) :fingerprint 
"888E6BEAC41959269EAA177F138F5AB68615C560") #s(epg-sub-key :validity ultimate 
:capability (encrypt) :secret-p nil :algorithm 1 :length 3072 :id 
"9ED30DE244D1D77F" :creation-time (23350 . 32581) :expiration-time nil 
:fingerprint "9E2D1F76B4070A6BD4919CEA9ED30DE244D1D77F")) :user-id-list 
(#s(epg-user-id :validity ultimate :string "Daniel Kahn Gillmor" 
:signature-list nil) #s(epg-user-id :validity ultimate :string 
"dkgillmor@aclu.org" :signature-list nil) #s(epg-user-id :validity ultimate 
:string "dkg@aclu.org" :signature-list nil))) "<dkg@aclu.org>")
  mml-secure-find-usable-keys(#s(epg-context :protocol OpenPGP :program 
"/usr/bin/gpg2" :home-directory nil :armor nil :textmode nil :include-certs nil 
:cipher-algorithm nil :digest-algorithm nil :compress-algorithm nil 
:passphrase-callback (epg-passphrase-callback-function) :progress-callback nil 
:edit-callback nil :signers nil :sig-notations nil :process nil :output-file 
nil :result nil :operation nil :pinentry-mode nil :error-output "" 
:error-buffer nil) "<dkg@aclu.org>" encrypt)
  eval((mml-secure-find-usable-keys (epg-make-context 'OpenPGP) 
"<dkg@aclu.org>" 'encrypt) nil)


This appears to be because mml-secure-check-user-id chokes on the User
ID without any e-mail address.

The attached patch appears to fix the issue.  please include it in
emacs!

(i previously reported this to debian as https://bugs.debian.org/919642)

       --dkg



Configured using:
 'configure --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --enable-libsystemd --with-pop=yes
 
--enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --with-mailutils --build
 x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib
 --libexecdir=/usr/lib --localstatedir=/var/lib
 --infodir=/usr/share/info --mandir=/usr/share/man --enable-libsystemd
 --with-pop=yes
 
--enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --with-mailutils --with-x=yes
 --with-x-toolkit=gtk3 --with-toolkit-scroll-bars 'CFLAGS=-g -O2
 -fdebug-prefix-map=/build/emacs-3ThesY/emacs-26.1+1=. -fstack-protector-strong
 -Wformat -Werror=format-security -Wall' 'CPPFLAGS=-Wdate-time
 -D_FORTIFY_SOURCE=2' LDFLAGS=-Wl,-z,relro'

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS NOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 THREADS LIBSYSTEMD LCMS2

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

From 856d4f2358df9c8977637a0ac007084d0b40b9f2 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 18 Jan 2019 03:12:07 -0500
Subject: [PATCH] Avoid elisp crash for OpenPGP User IDs with no e-mail address

* lisp/gnus/mml-sec.el: (mml-secure-check-user-id) verify that there
  is an e-mail address in the current User ID before trying to
  downcase it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 lisp/gnus/mml-sec.el | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index a6d989a45f..db7489fbf1 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -659,6 +659,8 @@ The passphrase is read and cached."
     (catch 'break
       (dolist (uid uids nil)
        (if (and (stringp (epg-user-id-string uid))
+                 (car (mail-header-parse-address
+                       (epg-user-id-string uid)))
                 (equal (downcase (car (mail-header-parse-address
                                        (epg-user-id-string uid))))
                        (downcase (car (mail-header-parse-address
-- 
2.20.1

dkg@aclu.org.key
Description: application/pgp-keys

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address, Daniel Kahn Gillmor <=
- bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address, Eli Zaretskii, 2019/01/25

Prev by Date: bug#34094: 27.0.50; (wrong-type-argument stringp (require . elec-pair)) with describe-function (and other commands)
Next by Date: bug#34104: 26.1; Inaccurate error report of (sort "cba" #'<)
Previous by thread: bug#34119: 26.1; (elisp) byte-to-string
Next by thread: bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address
Index(es):
- Date
- Thread