Bug 670067 - RPM chokes trying to import a valid gpg public key (may be compiler/optimizer bug)
Keywords:
Status: CLOSED DUPLICATE of bug 667582
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: 14
Hardware: i686
OS: Linux
low
medium
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 689357
Depends On:
Blocks:
 
Reported: 2011-01-17 04:13 UTC by JeanClaude Magras
Modified: 2011-07-13 14:14 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-13 13:37:40 UTC
Type: ---


Attachments
This is a recording of my tracking the bug in a live gdb session (12.28 KB, text/plain)
2011-01-17 04:15 UTC, JeanClaude Magras
I demonstrate that the examination of public key stops improperly and test at rpmpgp.c:1463 is bad, (10.27 KB, text/plain)
2011-01-17 05:20 UTC, JeanClaude Magras
One key that refused to be imported (1.67 KB, application/octet-stream)
2011-01-17 19:59 UTC, JeanClaude Magras
This is what I mean by yum being attack vector but should be separate (39.71 KB, text/plain)
2011-01-24 16:46 UTC, JeanClaude Magras

Description JeanClaude Magras 2011-01-17 04:13:23 UTC
Description of problem:
rpm --import publicfilekey
reports a failure even for a valid public key

Version-Release number of selected component (if applicable):
4.8.1

How reproducible:
see gdb script


Steps to Reproduce:
1. rpm --import publicgpgfile
2.
3.
  
Actual results:
An error message saying gpg file is invalid

Expected results:
success

Additional info:

Comment 1 JeanClaude Magras 2011-01-17 04:15:17 UTC
Created attachment 473756
This is a recording of my tracking the bug in a live gdb session

Comment 2 JeanClaude Magras 2011-01-17 05:20:06 UTC
Created attachment 473761
I demonstrate that the examination of public key stops improperly and test at rpmpgp.c:1463 is bad,

I have turned this into a security bug because b goes out of bounds
and pgpValTok (in rpmpgp.c) seems incomplete. Look at the bottom
of the second attachment just before pgpValTok seems to make a
good recognition at $159 but then drops the ball.

Comment 3 Panu Matilainen 2011-01-17 06:54:34 UTC
Please attach the public key too for reproducing.

Comment 4 JeanClaude Magras 2011-01-17 19:59:08 UTC
Created attachment 473920
One key that refused to be imported

Comment 5 Panu Matilainen 2011-01-18 05:52:55 UTC
That key certainly works for me and obviously a whole lot of users. I suspect what you're seeing here is simply related to bug 667582: the armor of four keys in that bug causes corruption which is making things fail randomly.

Comment 6 JeanClaude Magras 2011-01-24 16:46:19 UTC
Created attachment 474988
This is what I mean by yum being attack vector but should be separate

This should probably be a separate report but it is a security
problem. NoScript and SELinux obviously didn't stop it.

Comment 7 Max Kessler 2011-04-05 23:52:56 UTC
*** Bug 689357 has been marked as a duplicate of this bug. ***

Comment 8 Max Kessler 2011-04-05 23:56:29 UTC
The key I cannot import is the same one.

Comment 9 Panu Matilainen 2011-07-13 13:37:40 UTC

*** This bug has been marked as a duplicate of bug 667582 ***

Comment 10 R P Herrold 2011-07-13 14:14:39 UTC
Panu -- 667582 is closed ... could you please open it, or work in this bug so I may follow it

Thank you

-- Russ herrold

