Bug 2009978 - gpg-agent crashes when decrypting (symmetrically) encrypted file
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gnupg2
Version: 35
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
Assignee: Red Hat Crypto Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 2011807 2026617
Depends On:
Blocks:
Reported: 2021-10-02 15:45 UTC by Göran Uddeborg
Modified: 2021-11-25 12:55 UTC

Fixed In Version: gnupg2-2.3.2-3.fc35
Clone Of:
Environment:
Last Closed: 2021-10-29 22:59:49 UTC
Type: Bug
Embargoed:

Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-297 0 None None None 2021-10-02 15:46:02 UTC

Description Göran Uddeborg 2021-10-02 15:45:02 UTC
Description of problem:
After upgrading to gnupg2 for F35, I can no longer decrypt gpg-encrypted files.


Version-Release number of selected component (if applicable):
gnupg2-2.3.2-2.fc35.x86_64


How reproducible:
Every time


Steps to Reproduce:
1. echo apa > bepa
2. gpg -c -o bepa.gpg bepa
3. gpgconf --reload gpg-agent # To drop the cached value so it will ask again
4. gpg -d bepa.gpg


Actual results:
gpg: problem with the agent: End of file
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

In the journal it says

    okt 02 17:34:11 mimmi kernel: gpg-agent[1066955]: segfault at 20 ip 000055636a220627 sp 00007f980bffeca0 error 4 in gpg-agent[55636a210000+35000]
    okt 02 17:34:11 mimmi kernel: Code: 48 c7 44 24 50 00 00 00 00 4d 85 c0 6a 00 41 55 4d 0f 44 c7 44 8b 4c 24 30 e8 65 8b 01 00 58 5a 48 8b 7c 24 48 e8 d9 12 ff ff <8b> 04 25 20 00 00 00 48 c7 44 24 48 00 00 00 00 0f 0b 0f 1f 80 00
    …
    okt 02 17:34:11 mimmi systemd-coredump[1066961]: Resource limits disable core dumping for process 1066690 (gpg-agent).
    okt 02 17:34:11 mimmi systemd-coredump[1066961]: [🡕] Process 1066690 (gpg-agent) of user 1003 dumped core.


Expected results:
apa (I.e. the contents of the original file.)


Additional info:
I tried installing debuginfo packages and then attaching the debugger to gpg-agent after the password dialogue came up but before I entered the password. It points the segmentation violation to line 1957 of command.c which contains the statement "entry_errtext = NULL". It doesn't make sense to me that could crash, so I guess it is something in the optimisation done by the compiler I don't understand.

Comment 1 Jakub Jelen 2021-10-06 08:42:30 UTC
Thank you for the report.

I can reproduce this locally with the same debugging results as you have. I am afraid that there will be some threads in play. I am just trying without debuginfo, which points to the correct line (where pi is null):

1958	      is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);

This was already fixed in upstream so I will backport this commit af3b1901549baa8fbe8140d9fa75a4a2b7a77a7e to Fedora.

Comment 2 Fedora Update System 2021-10-06 09:27:34 UTC
FEDORA-2021-4bf2879524 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-4bf2879524

Comment 3 Fedora Update System 2021-10-07 15:53:47 UTC
FEDORA-2021-4bf2879524 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-4bf2879524`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-4bf2879524

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Jakub Jelen 2021-10-08 09:08:19 UTC
*** Bug 2011807 has been marked as a duplicate of this bug. ***

Comment 5 Fedora Update System 2021-10-29 22:59:49 UTC
FEDORA-2021-4bf2879524 has been pushed to the Fedora 35 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 6 Jakub Jelen 2021-11-25 12:55:10 UTC
*** Bug 2026617 has been marked as a duplicate of this bug. ***
