GNU bug report logs - #34121
26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address

Previous Next

Package: emacs;

Reported by: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>

Date: Fri, 18 Jan 2019 08:20:01 UTC

Severity: normal

Found in version 26.1

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
Subject: bug#34121: closed (Re: bug#34121: 26.1; elisp crashes on OpenPGP
 certificates with User IDs without an e-mail address)
Date: Fri, 25 Jan 2019 08:43:03 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 34121 <at> debbugs.gnu.org.

-- 
34121: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=34121
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
Cc: 34121-done <at> debbugs.gnu.org
Subject: Re: bug#34121: 26.1;
 elisp crashes on OpenPGP certificates with User IDs without an e-mail
 address
Date: Fri, 25 Jan 2019 10:42:23 +0200

> From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
> Date: Fri, 18 Jan 2019 03:18:48 -0500
> 
> This appears to be because mml-secure-check-user-id chokes on the User
> ID without any e-mail address.
> 
> The attached patch appears to fix the issue.  please include it in
> emacs!

Thanks, pushed to the emacs-26 branch.

Please in the future observe the rules set forth in CONTRIBUTE: there
should be no Signed-off-by: lines in the log message, and the log
message should be formatted as a ChangeLog entry (you can use Emacs
ChangeLog commands to create it).


[Message part 3 (message/rfc822, inline)]
From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
To: bug-gnu-emacs <at> gnu.org
Subject: 26.1;
 elisp crashes on OpenPGP certificates with User IDs without an e-mail
 address
Date: Fri, 18 Jan 2019 03:18:48 -0500

[Message part 4 (text/plain, inline)]
Attached is an OpenPGP certificate (dkg <at> aclu.org.key) which has three
User IDs, one of which is "dkg <at> aclu.org" but another has no e-mail
address at all (it's just "Daniel Kahn Gillmor").

From a new, empty user account, i did the following:

    gpg --batch --import < dkg <at> aclu.org.key

Then, in a new emacs window, in *scratch*, i ran the following:

    (require 'mml)
    (mml-secure-find-usable-keys (epg-make-context 'OpenPGP) "<dkg <at> aclu.org>" 'encrypt)

it crashes with the following backtrace:

Debugger entered--Lisp error: (wrong-type-argument char-or-string-p nil)
  mml-secure-check-user-id(#s(epg-key :owner-trust ultimate :sub-key-list (#s(epg-sub-key :validity ultimate :capability (sign certify) :secret-p nil :algorithm 1 :length 3072 :id "138F5AB68615C560" :creation-time (23350 . 32581) :expiration-time (24312 . 58949) :fingerprint "888E6BEAC41959269EAA177F138F5AB68615C560") #s(epg-sub-key :validity ultimate :capability (encrypt) :secret-p nil :algorithm 1 :length 3072 :id "9ED30DE244D1D77F" :creation-time (23350 . 32581) :expiration-time nil :fingerprint "9E2D1F76B4070A6BD4919CEA9ED30DE244D1D77F")) :user-id-list (#s(epg-user-id :validity ultimate :string "Daniel Kahn Gillmor" :signature-list nil) #s(epg-user-id :validity ultimate :string "dkgillmor <at> aclu.org" :signature-list nil) #s(epg-user-id :validity ultimate :string "dkg <at> aclu.org" :signature-list nil))) "<dkg <at> aclu.org>")
  mml-secure-find-usable-keys(#s(epg-context :protocol OpenPGP :program "/usr/bin/gpg2" :home-directory nil :armor nil :textmode nil :include-certs nil :cipher-algorithm nil :digest-algorithm nil :compress-algorithm nil :passphrase-callback (epg-passphrase-callback-function) :progress-callback nil :edit-callback nil :signers nil :sig-notations nil :process nil :output-file nil :result nil :operation nil :pinentry-mode nil :error-output "" :error-buffer nil) "<dkg <at> aclu.org>" encrypt)
  eval((mml-secure-find-usable-keys (epg-make-context 'OpenPGP) "<dkg <at> aclu.org>" 'encrypt) nil)


This appears to be because mml-secure-check-user-id chokes on the User
ID without any e-mail address.

The attached patch appears to fix the issue.  please include it in
emacs!

(i previously reported this to debian as https://bugs.debian.org/919642)

       --dkg



Configured using:
 'configure --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --enable-libsystemd --with-pop=yes
 --enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --with-mailutils --build
 x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib
 --libexecdir=/usr/lib --localstatedir=/var/lib
 --infodir=/usr/share/info --mandir=/usr/share/man --enable-libsystemd
 --with-pop=yes
 --enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --with-mailutils --with-x=yes
 --with-x-toolkit=gtk3 --with-toolkit-scroll-bars 'CFLAGS=-g -O2
 -fdebug-prefix-map=/build/emacs-3ThesY/emacs-26.1+1=. -fstack-protector-strong
 -Wformat -Werror=format-security -Wall' 'CPPFLAGS=-Wdate-time
 -D_FORTIFY_SOURCE=2' LDFLAGS=-Wl,-z,relro'

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS NOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 THREADS LIBSYSTEMD LCMS2

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction


[0001-Avoid-elisp-crash-for-OpenPGP-User-IDs-with-no-e-mai.patch (text/x-diff, inline)]
From 856d4f2358df9c8977637a0ac007084d0b40b9f2 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
Date: Fri, 18 Jan 2019 03:12:07 -0500
Subject: [PATCH] Avoid elisp crash for OpenPGP User IDs with no e-mail address

* lisp/gnus/mml-sec.el: (mml-secure-check-user-id) verify that there
  is an e-mail address in the current User ID before trying to
  downcase it.

Signed-off-by: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
---
 lisp/gnus/mml-sec.el | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index a6d989a45f..db7489fbf1 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -659,6 +659,8 @@ The passphrase is read and cached."
     (catch 'break
       (dolist (uid uids nil)
 	(if (and (stringp (epg-user-id-string uid))
+                 (car (mail-header-parse-address
+                       (epg-user-id-string uid)))
 		 (equal (downcase (car (mail-header-parse-address
 					(epg-user-id-string uid))))
 			(downcase (car (mail-header-parse-address
-- 
2.20.1


[dkg@aclu.org.key (application/pgp-keys, attachment)]
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 177 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.