Key import segfault in libgcrypt

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu Apr 3 17:52:43 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 04/02/2014 10:41 AM, Hanno Böck wrote:
> Hello,
> 
> On my system if I try to import this key 
> http://pgp.mit.edu/pks/lookup?op=get&search=0x98EEB6F7D87171CF
> with gnupg it segfaults.
> 
> Backtrace (see below) indicates that the crash happens somewhere in
> libgcrypt, so I'm posting it here.
> 
> My libgcrypt version is 1.6.1, gnupg is 2.0.22.
> 
> I can reproduce it on another system with libgcrypt 1.5.3. Both are
> Gentoo.
> 
> Can anyone else reproduce? Any more info needed?

I can reproduce this using
$ gpg2 --version
gpg (GnuPG) 2.0.22
libgcrypt 1.7.0-beta60

$ gpg2 --import segfault-key.asc

gpg: signal Segmentation fault caught ... exiting
Segmentation fault


The error does not present in
kristianf at kflaptop ~/Tmp $ gpg2.1 --version
gpg (GnuPG) 2.1.0-beta308
libgcrypt 1.7.0-beta60

$ gpg2.1 --import segfault-key.asc
gpg: key 0x98EEB6F7D87171CF: public key "<<REMOVED>>" imported

this is running a gentoo system on amd64


> 
> cu, Hanno Böck
> 
> Backtrace: 0x00007ffff731c130 in _gcry_mpi_get_flag () from 
> /usr/lib64/libgcrypt.so.20 (gdb) bt #0  0x00007ffff731c130 in 
> _gcry_mpi_get_flag () from /usr/lib64/libgcrypt.so.20 #1 
> 0x00007ffff7286509 in do_vsexp_sscan () from 
> /usr/lib64/libgcrypt.so.20 #2 0x00007ffff7287aac in 
> _gcry_sexp_vbuild () from /usr/lib64/libgcrypt.so.20 #3 
> 0x00007ffff7281382 in gcry_sexp_build () from 
> /usr/lib64/libgcrypt.so.20 #4 0x0000000000432fba in pk_verify ()
> #5 0x000000000042e1d8 in do_check () #6  0x000000000042efc2 in 
> check_key_signature2 () #7 0x000000000042f1bb in 
> check_key_signature () #8  0x000000000044b526 in import_one.isra
> () #9  0x000000000044d22d in import () #10 0x000000000044dd15 in 
> import_keys_internal () #11 0x000000000044de7c in import_keys () 
> #12 0x000000000040b77c in main ()
> 
> 
> 
> 
> 
> _______________________________________________ Gcrypt-devel 
> mailing list Gcrypt-devel at gnupg.org 
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
> 


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"There is no urge so great as for one man to edit another man's work."
(Mark Twain)
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTPYPHAAoJEPw7F94F4TagMbcP/iFidE1jlgFRRflqVUn34oP4
ZlQJ2TaUiEF44CvxAMTn0OEmHy0OfHhTKpR9OiEbCJXh9qOQAyiMy96m6DmXoVba
Y9o4iT3Tbh/toXpXQFTjPtAQMu3GX+6yRM1fjHcU5FzOMMba4CqSinXEidKXSrcn
6TyKq0xTHufChKHsuor9CchItntlCk+w2HhcUHP6Shwirulr1aFBjJYwCQS4obn9
V0lw0au4h6MgEWxSBXvZks4fMwFuSDTbFvfrr0iv0HPEcMpnk7yzmNLYPUmM7TKD
nLHVEhEqaqrB75avD6UZOcF8c5DWDmr0IWGyDwhYGNOxMM5eMhjV4DdT3a+3G2/8
FYKWhEeimI8DlQPyV9zrf2Dvosdj6k4qHmMk8xIiKUhFJSIGr9zsA2gJ8QivFOg4
YD1yXKnSfX3b/e5DLoQR7qwaP2XH+7puJH5BNx1q0HYZ8TBbwUdyHmdAvlkeqCRw
6YxXs7w3sXeR+za4sYgMHPfahR8K4y9kwKBSalPr1O69PYEKOU7h/FWBSD2Ojw6n
+bpOyGRVizhgYichejdAig9A2VmryPnUIGG+84nVk9y6VeBDPl9qpCglHLsPQudE
EJd7dwDmtnnwwgPMmne0GTgvhztKnGbVNZ32svy4C/ilO6TbftSWxb8qBLFwyVkL
FptD/GlLxdg2FWot6C8O
=BPtn
-----END PGP SIGNATURE-----



More information about the Gcrypt-devel mailing list