[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs wit
From: |
Daniel Kahn Gillmor |
Subject: |
bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address |
Date: |
Fri, 18 Jan 2019 03:18:48 -0500 |
Attached is an OpenPGP certificate (dkg@aclu.org.key) which has three
User IDs, one of which is "dkg@aclu.org" but another has no e-mail
address at all (it's just "Daniel Kahn Gillmor").
From a new, empty user account, i did the following:
gpg --batch --import < dkg@aclu.org.key
Then, in a new emacs window, in *scratch*, i ran the following:
(require 'mml)
(mml-secure-find-usable-keys (epg-make-context 'OpenPGP) "<dkg@aclu.org>"
'encrypt)
it crashes with the following backtrace:
Debugger entered--Lisp error: (wrong-type-argument char-or-string-p nil)
mml-secure-check-user-id(#s(epg-key :owner-trust ultimate :sub-key-list
(#s(epg-sub-key :validity ultimate :capability (sign certify) :secret-p nil
:algorithm 1 :length 3072 :id "138F5AB68615C560" :creation-time (23350 . 32581)
:expiration-time (24312 . 58949) :fingerprint
"888E6BEAC41959269EAA177F138F5AB68615C560") #s(epg-sub-key :validity ultimate
:capability (encrypt) :secret-p nil :algorithm 1 :length 3072 :id
"9ED30DE244D1D77F" :creation-time (23350 . 32581) :expiration-time nil
:fingerprint "9E2D1F76B4070A6BD4919CEA9ED30DE244D1D77F")) :user-id-list
(#s(epg-user-id :validity ultimate :string "Daniel Kahn Gillmor"
:signature-list nil) #s(epg-user-id :validity ultimate :string
"dkgillmor@aclu.org" :signature-list nil) #s(epg-user-id :validity ultimate
:string "dkg@aclu.org" :signature-list nil))) "<dkg@aclu.org>")
mml-secure-find-usable-keys(#s(epg-context :protocol OpenPGP :program
"/usr/bin/gpg2" :home-directory nil :armor nil :textmode nil :include-certs nil
:cipher-algorithm nil :digest-algorithm nil :compress-algorithm nil
:passphrase-callback (epg-passphrase-callback-function) :progress-callback nil
:edit-callback nil :signers nil :sig-notations nil :process nil :output-file
nil :result nil :operation nil :pinentry-mode nil :error-output ""
:error-buffer nil) "<dkg@aclu.org>" encrypt)
eval((mml-secure-find-usable-keys (epg-make-context 'OpenPGP)
"<dkg@aclu.org>" 'encrypt) nil)
This appears to be because mml-secure-check-user-id chokes on the User
ID without any e-mail address.
The attached patch appears to fix the issue. please include it in
emacs!
(i previously reported this to debian as https://bugs.debian.org/919642)
--dkg
Configured using:
'configure --build x86_64-linux-gnu --prefix=/usr
--sharedstatedir=/var/lib --libexecdir=/usr/lib
--localstatedir=/var/lib --infodir=/usr/share/info
--mandir=/usr/share/man --enable-libsystemd --with-pop=yes
--enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
--with-sound=alsa --without-gconf --with-mailutils --build
x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib
--libexecdir=/usr/lib --localstatedir=/var/lib
--infodir=/usr/share/info --mandir=/usr/share/man --enable-libsystemd
--with-pop=yes
--enable-locallisppath=/etc/emacs:/usr/local/share/emacs/26.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/26.1/site-lisp:/usr/share/emacs/site-lisp
--with-sound=alsa --without-gconf --with-mailutils --with-x=yes
--with-x-toolkit=gtk3 --with-toolkit-scroll-bars 'CFLAGS=-g -O2
-fdebug-prefix-map=/build/emacs-3ThesY/emacs-26.1+1=. -fstack-protector-strong
-Wformat -Werror=format-security -Wall' 'CPPFLAGS=-Wdate-time
-D_FORTIFY_SOURCE=2' LDFLAGS=-Wl,-z,relro'
Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS NOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 THREADS LIBSYSTEMD LCMS2
Important settings:
value of $LANG: en_US.UTF-8
locale-coding-system: utf-8-unix
Major mode: Lisp Interaction
From 856d4f2358df9c8977637a0ac007084d0b40b9f2 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Fri, 18 Jan 2019 03:12:07 -0500
Subject: [PATCH] Avoid elisp crash for OpenPGP User IDs with no e-mail address
* lisp/gnus/mml-sec.el: (mml-secure-check-user-id) verify that there
is an e-mail address in the current User ID before trying to
downcase it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
lisp/gnus/mml-sec.el | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el
index a6d989a45f..db7489fbf1 100644
--- a/lisp/gnus/mml-sec.el
+++ b/lisp/gnus/mml-sec.el
@@ -659,6 +659,8 @@ The passphrase is read and cached."
(catch 'break
(dolist (uid uids nil)
(if (and (stringp (epg-user-id-string uid))
+ (car (mail-header-parse-address
+ (epg-user-id-string uid)))
(equal (downcase (car (mail-header-parse-address
(epg-user-id-string uid))))
(downcase (car (mail-header-parse-address
--
2.20.1
dkg@aclu.org.key
Description: application/pgp-keys
signature.asc
Description: PGP signature
- bug#34121: 26.1; elisp crashes on OpenPGP certificates with User IDs without an e-mail address,
Daniel Kahn Gillmor <=