GNU bug report logs - #34121
26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address

Previous Next

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
To: bug-gnu-emacs <at> gnu.org
Subject: 26.1;
 elisp crashes on OpenPGP certificates with User IDs without an e-mail
 address
Date: Fri, 18 Jan 2019 03:18:48 -0500

[Message part 1 (text/plain, inline)]

Attached is an OpenPGP certificate (dkg <at> aclu.org.key) which has three
User IDs, one of which is "dkg <at> aclu.org" but another has no e-mail
address at all (it's just "Daniel Kahn Gillmor").

From a new, empty user account, i did the following:

    gpg --batch --import < dkg <at> aclu.org.key

Then, in a new emacs window, in *scratch*, i ran the following:

    (require 'mml)
    (mml-secure-find-usable-keys (epg-make-context 'OpenPGP) "<dkg <at> aclu.org>" 'encrypt)

it crashes with the following backtrace:

Debugger entered--Lisp error: (wrong-type-argument char-or-string-p nil)
  mml-secure-check-user-id(#s(epg-key :owner-trust ultimate :sub-key-list (#s(epg-sub-key :validity ultimate :capability (sign certify) :secret-p nil :algorithm 1 :length 3072 :id "138F5AB68615C560" :creation-time (23350 . 32581) :expiration-time (24312 . 58949) :fingerprint "888E6BEAC41959269EAA177F138F5AB68615C560") #s(epg-sub-key :validity ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 3072 :id "9ED30DE244D1D77F" :creation-time (23350 . 32581) :expiration-time nil :fingerprint "9E2D1F76B4070A6BD4919CEA9ED30DE244D1D77F")) :user-id-list (#s(epg-user-id :validity ultimate :string "Daniel Kahn Gillmor" :signature-list nil) #s(epg-user-id :validity ultimate :string "dkgillmor <at> aclu.org" :signature-list nil) #s(epg-user-id :validity ultimate :string "dkg <at> aclu.org" :signature-list nil))) "<dkg <at> aclu.org>")
  mml-secure-find-usable-keys(#s(epg-context :protocol OpenPGP :program "/usr/bin/gpg2" :home-directory nil :armor nil :textmode nil :include-certs nil :cipher-algorithm nil :digest-algorithm nil :compress-algorithm nil :passphrase-callback (epg-passphrase-callback-function) :progress-callback nil :edit-callback nil :signers nil :sig-notations nil :process nil :output-file nil :result nil :operation nil :pinentry-mode nil :error-output "" :error-buffer nil) "<dkg <at> aclu.org>" encrypt)
  eval((mml-secure-find-usable-keys (epg-make-context 'OpenPGP) "<dkg <at> aclu.org>" 'encrypt) nil)


This appears to be because mml-secure-check-user-id chokes on the User
ID without any e-mail address.

The attached patch appears to fix the issue.  please include it in
emacs!

(i previously reported this to debian as https://bugs.debian.org/919642)

       --dkg



Configured using:
 'configure --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --enable-libsystemd --with-pop=yes
 --enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --with-mailutils --build
 x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib
 --libexecdir=/usr/lib --localstatedir=/var/lib
 --infodir=/usr/share/info --mandir=/usr/share/man --enable-libsystemd
 --with-pop=yes
 --enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --with-mailutils --with-x=yes
 --with-x-toolkit=gtk3 --with-toolkit-scroll-bars 'CFLAGS=-g -O2
 -fdebug-prefix-map=/build/emacs-3ThesY/emacs-26.1+1=. -fstack-protector-strong
 -Wformat -Werror=format-security -Wall' 'CPPFLAGS=-Wdate-time
 -D_FORTIFY_SOURCE=2' LDFLAGS=-Wl,-z,relro'

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS NOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 THREADS LIBSYSTEMD LCMS2

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

[0001-Avoid-elisp-crash-for-OpenPGP-User-IDs-with-no-e-mai.patch (text/x-diff, inline)]

From 856d4f2358df9c8977637a0ac007084d0b40b9f2 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
Date: Fri, 18 Jan 2019 03:12:07 -0500
Subject: [PATCH] Avoid elisp crash for OpenPGP User IDs with no e-mail address

* lisp/gnus/mml-sec.el: (mml-secure-check-user-id) verify that there
  is an e-mail address in the current User ID before trying to
  downcase it.

Signed-off-by: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
---
 lisp/gnus/mml-sec.el | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index a6d989a45f..db7489fbf1 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -659,6 +659,8 @@ The passphrase is read and cached."
     (catch 'break
       (dolist (uid uids nil)
 	(if (and (stringp (epg-user-id-string uid))
+                 (car (mail-header-parse-address
+                       (epg-user-id-string uid)))
 		 (equal (downcase (car (mail-header-parse-address
 					(epg-user-id-string uid))))
 			(downcase (car (mail-header-parse-address
-- 
2.20.1

[dkg@aclu.org.key (application/pgp-keys, attachment)]

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.