Bug 670067

Summary: RPM chokes trying to import a valid gpg public key (may be compiler/optimizer bug)
Product: Fedora
Reporter: JeanClaude Magras <jeanclaude.magras>
Component: rpm
Assignee: Panu Matilainen <pmatilai>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 14
CC: cyberman, ffesti, herrold, jim+redhat, jnovy, pmatilai
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-07-13 13:37:40 UTC
Attachments:
- This is a recording of my tracking the bug in a live gdb session
- I demonstrate that the examination of public key stops improperly and test at rpmpgp.c:1463 is bad
- One key that refused to be imported
- This is what I mean by yum being attack vector but should be separate

Description JeanClaude Magras 2011-01-17 04:13:23 UTC
Description of problem:
rpm --import publicfilekey
reports a failure even for a valid public key

Version-Release number of selected component (if applicable):
4.8.1

How reproducible:
see gdb script


Steps to Reproduce:
1. rpm --import publicgpgfile
Actual results:
An error message saying gpg file is invalid

Expected results:
success

Comment 1 JeanClaude Magras 2011-01-17 04:15:17 UTC
Created attachment 473756
This is a recording of my tracking the bug in a live gdb session

Comment 2 JeanClaude Magras 2011-01-17 05:20:06 UTC
Created attachment 473761
I demonstrate that the examination of public key stops improperly and test at rpmpgp.c:1463 is bad.

I have turned this into a security bug because b goes out of bounds
and pgpValTok (in rpmpgp.c) seems incomplete. Look at the bottom
of the second attachment just before pgpValTok seems to make a
good recognition at $159 but then drops the ball.

Comment 3 Panu Matilainen 2011-01-17 06:54:34 UTC
Please attach the public key too for reproducing.

Comment 4 JeanClaude Magras 2011-01-17 19:59:08 UTC
Created attachment 473920
One key that refused to be imported

Comment 5 Panu Matilainen 2011-01-18 05:52:55 UTC
That key certainly works for me and obviously a whole lot of users. I suspect what you're seeing here is simply related to bug 667582: the armor of four keys in that bug causes corruption which is making things fail randomly.
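A pre-import sanity check on an armored key file, added here as an illustration and not part of this report or of rpm's own code: it counts the armored public-key blocks in a file and verifies each block's CRC24 line per RFC 4880, so a file that carries several concatenated keys or a damaged armor is visible before rpm --import ever parses it. The key bytes it constructs for the demonstration are arbitrary filler, not a real key.

```python
import base64
import re
import sys

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB
BEGIN, END = "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----"
BLOCK_RE = re.compile(re.escape(BEGIN) + r"\n(.*?)" + re.escape(END), re.S)

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1 (the trailing '=XXXX' line)."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def crc_line(crc: int) -> str:
    return "=" + base64.b64encode(crc.to_bytes(3, "big")).decode()

def build_armor(raw: bytes) -> str:
    """Wrap bytes in public-key armor; used only to construct sample input (not a real key)."""
    b64 = base64.b64encode(raw).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\nVersion: constructed\n\n{body}\n{crc_line(crc24(raw))}\n{END}\n"

def check_armor(text: str) -> list:
    """One dict per armored block: whether the base64 decoded, whether the CRC matched, byte count."""
    results = []
    for m in BLOCK_RE.finditer(text.replace("\r\n", "\n")):
        body = m.group(1)
        if "\n\n" in body:                      # drop armor headers (Version:, Comment:, ...)
            body = body.split("\n\n", 1)[1]
        lines = [l.strip() for l in body.split("\n") if l.strip()]
        tail = lines.pop() if lines and lines[-1].startswith("=") else None
        try:
            raw = base64.b64decode("".join(lines), validate=True)
            crc_ok = tail is not None and tail == crc_line(crc24(raw))
        except (ValueError, TypeError):         # binascii.Error is a ValueError
            raw, crc_ok = b"", False
        results.append({"decoded": bool(raw), "crc_ok": crc_ok, "size": len(raw)})
    return results

if __name__ == "__main__":                      # usage: python check_armor.py /path/to/keyfile
    for i, b in enumerate(check_armor(open(sys.argv[1]).read()), 1):
        print(f"block {i}: {b['size']} bytes, crc {'ok' if b['crc_ok'] else 'BAD'}")
```

A file meant for rpm --import that reports more than one block, or any block with a bad CRC, is worth inspecting before blaming the importer.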

Comment 6 JeanClaude Magras 2011-01-24 16:46:19 UTC
Created attachment 474988
This is what I mean by yum being attack vector but should be separate

This should probably be a separate report but it is a security
problem. Noscript and Selinux obviously didn't stop it.

Comment 7 Max Kessler 2011-04-05 23:52:56 UTC
*** Bug 689357 has been marked as a duplicate of this bug. ***

Comment 8 Max Kessler 2011-04-05 23:56:29 UTC
The key I cannot import is the same one.

Comment 9 Panu Matilainen 2011-07-13 13:37:40 UTC

*** This bug has been marked as a duplicate of bug 667582 ***

Comment 10 R P Herrold 2011-07-13 14:14:39 UTC
Panu -- 667582 is closed ... could you please open it, or work in this bug so I may follow it

Thank you

-- Russ herrold