Bug Report 1.0.5: Segfault on v3 sig verification

V. Alex Brennen vab at cryptnet.net
Wed May 9 00:00:02 CEST 2001


Sorry to send a bug report instead of a patch, but I messed with
this for about an hour and I couldn't figure it out.... (duhh)

Please let me know if you all have any trouble duplicating it...


	- VAB

-----------------------------------------------------------------------
Bug Report:  V3 Fingerprint print call in signature verification may
             cause segfault if no trust path found to pubkey  (?)

-----------------------------------------------------------------------
Versions:

Linux:  2.4.2 on i686                            (Compiled From Source)
GCC:    2.96                                             (Mandrake 8.0)
GDB:    GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0          (Mandrake 8.0)
GPG:    gpg (GnuPG) 1.0.5                        (Compiled From Source)
------------------------------------------------------------------------
GDB Session:
(Note:  tmpfile.txt is email enclosed below)

(gdb) run --verify /tmp/tmpfile.txt
Starting program: /usr/local/bin/gpg --verify /tmp/tmpfile.txt
gpg: Warning: using insecure memory!
gpg: Signature made Tue 08 May 2001 08:39:49 AM EDT using RSA key ID
6659C1E1
gpg: Good signature from "Robert A. Hettinga <rah at philodox.com>"
gpg:                 aka "Robert A. Hettinga <rah at shipwright.com>"
Could not find a valid trust path to the key.  Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
gpg: Fingerprint: B9 FD 9C BC 8C
Program received signal SIGSEGV, Segmentation fault.
0x400dbbce in _IO_padn () from /lib/libc.so.6

-------------------------------------------------------------------------
Back trace:

#0  0x400dbbce in _IO_padn () from /lib/libc.so.6
#1  0x4002040d in _IO_vfprintf () from /lib/libsafe.so.2.0
#2  0x40023da7 in vfprintf () from /lib/libsafe.so.2.0
#3  0x4001f2ba in _IO_vfprintf () from /lib/libsafe.so.2.0
#4  0x40023cb3 in vfprintf () from /lib/libsafe.so.2.0
#5  0x400c92f3 in fprintf () from /lib/libc.so.6
#6  0x0806b952 in fpr_info (pk=0x80dd128) at pkclist.c:92
#7  0x0806cab6 in check_signatures_trust (sig=0x80d8660) at pkclist.c:719
#8  0x0806025e in check_sig_and_print (c=0x80d8498, node=0x80d8808)
    at mainproc.c:1340
#9  0x080605a9 in proc_tree (c=0x80d8498, node=0x80d8620) at
mainproc.c:1448
#10 0x0805dca8 in release_list (c=0x80d8498) at mainproc.c:92
#11 0x0805fd54 in do_proc_packets (c=0x80d8498, a=0x80d42d8) at
mainproc.c:1176
#12 0x0805f966 in proc_signature_packets (anchor=0x0, a=0x80d42d8,
    signedfiles=0x0, sigfilename=0xbffff8a2 "/tmp/tmpfile.txt")
    at mainproc.c:1025
#13 0x080752a0 in verify_signatures (nfiles=1, files=0xbffff714)
    at verify.c:104
#14 0x0805306f in main (argc=1, argv=0xbffff714) at g10.c:1243
#15 0x400870de in __libc_start_main () from /lib/libc.so.6

--------------------------------------------------------------------------

PGP Signed message that I'm segfaulting when I try and verify:

-----BEGIN PGP SIGNED MESSAGE-----

The Program Committee of the Digital Commerce Society invites any
member of the above mailing lists to submit their proposal for a
luncheon talk to the Society.

Speakers can be any *principal* in any field of digital commerce.
That means anyone who is doing interesting research or development
in, or who is making significant market innovation in, the
technology, finance, economics, law, or policy of commerce on the
global public internetwork.

The Committee tends to consider the person giving the talk first, and
then gives the speaker lots of discretion in the content of their
talk -- as long as it pertains to DCSB's charter to promote
innovation in internet commerce.


The Society's meetings are held on the first Tuesday of the month at
the Downtown Branch of the Harvard Club of Boston, One Federal
Street, Thirty-Eighth Floor, in Boston, from 12 to 2 in the
afternoon.

Unfortunately, the Society can not remunerate a speaker for any fees
or expenses other than, obviously, the speaker's lunch, and basic
overhead projection equipment. There is dial-up internet access for
the meeting room.

If you, or anyone you know, are interested in speaking to the
society, please send, via email, a proposal, consisting of a single
paragraph on the speaker, and a single paragraph on the proposed
talk, to Robert Hettinga <mailto: rah at shipwright.com>, the chairman
of the DCSB Program Committee, and the Society's Moderator.

A list of previous speakers can be obtained with the following URL
<mailto:majordomo at reservoir.com?body=info%20dcsb>, or, if your
mailreader/browser doesn't support mailtos,

send

info dcsb

in the *body* of a message to majordomo at reservoir.com .

Thank you for considering DCSB in your speaking plans, and, if you
have any questions on your submission, please contact me directly.

Cordially,
Robert A. Hettinga
Moderator and Program Committee Chair,
The Digital Commerce Society of Boston

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQEVAwUBOvfpFcUCGwxmWcHhAQErTwf+MfhhAHNzQmiqvSwcht+5HqbeEClhHUrm
Vq9VvQtu5lmZ53MTEtig2NnSrzMcGK6gsNP0S9wGnmU0Goagx5qu75b5uJgXNWtV
b10XbSCJuR93SWk+nuvGFQxFcUFC7cUWMIcCWnnb0RBOU7/lwOJ5+C9W52KoDGIM
qc1d4LUkvvmQUyC4JzOaLL6XpGdiI/ZNttQZyMDFPof7ytMZuVxJPl9cPcBXy6XC
gY10y3GkOby5BiTr85/t0q4VZtUw3qHNIYttVFg8hMaEnlNwB53uF9CHNroHMd0Z
DWcc+LCO0yNxAX69ZNzdNN/5tBqeAJ/NMIspD5FQW8+jFyo8CXpdQw==
=TWO0
-----END PGP SIGNATURE-----

------------------------------------------------------------------
Pubykey data in my ring for 0x6659C1E1:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQEPAzMwdgMAAAEIALXtk50b0KQWz0RiTBOa25SbWk8cCR6WtafoH3QHwbajqTMI
ZwOmujLRGjwAvrdqZbW9RIUP7WAe3XnDiCN+vt7ufBk1YoRuZPb5T01X5pCcVNpw
rd4DrMhgoSqLkcbn4+ShUxfPwnc8VemFanQicbcmnsK9CzFB/D2IxmOMVttecx9n
Afd2C6h3kWZ4VJARL7g4vvqE+hWJs7z5g1jHJkCr/0KsVVaI/uhE4sha5Bt3Kaxr
0GOi+VS/UQDc+GTjSAgC/AZSQWWNkME3Tn8vQZcso0eRvPLxXrDMYL4gNRYlji8v
40PUaWOX3oW+svXhBJOP7u8SZG7BxQIbDGZZweEAEQEAAbQnUm9iZXJ0IEEuIEhl
dHRpbmdhIDxyYWhAc2hpcHdyaWdodC5jb20+iEYEEBECAAYFAjXH55QACgkQi6Jr
gMU5ZVemcwCfem8GycWhdXDF9Mlg9g3Hexqwse8AoPhXXAwuMgN2UhsB41oLmtME
uKd+iD8DBRA17gJNokZcIciZAxwRAtXXAJ9eJTz0EYGu/DF0affTQJB1JkAFhgCg
6XxY+qpQTXH+e6fzq9htK2oleyeIRgQQEQIABgUCNcfnvAAKCRCjwtEStjzoUblT
AKDotUgCW3z8ISWHamr0eKSjgMvMYACePXqWGa+3hEhbzfBViS2l2FT4cJKIRgQQ
EQIABgUCNcfn7gAKCRCs2MAZgvJsExFsAKD8Ab8bzNbF1FV4CehU/fQNU21k0wCg
sqp9jws/6i9iGG8MieSSoyrWiJaJAJUDBRAzf0n0xPJW7RXElmkBAWrwA/94RSUR
78fjaCFDkZoBYcowY2ybH4pN77UtY9OhStHni6H8v7K4j6PxbmND2GlTRlyEg0+9
vr4r64xqeSfM2UUOJcSGUwkeAlGI2I0pRNQDhayq9LL6/agWpiooxoC74HV2JDO/
4c25vsqnsDF7cgiPwxKJMbf/iFDs62Cjz9JflYkBFQMFEDM4DY7FAhsMZlnB4QEB
auwH/31bwoVJX9PzJqEwaDLNVrG05JYP1cog+o+e/KpiEXbEJBMSR7qKZoEu6odO
6T3tZrnoHWmWPX0NzlIPIGbYT2qlDPFUQW7Nd9jqrONM7Ne3+tOvBW8M6bt2DBJJ
9e1q4RvYZ21CkItRRGGWH2uY0aMHxalcCjmSJs5SlMJYxFzfelxiosKZiU9hIs0m
/snU6NNZIISFJXwE5dmOqy98d2E8G218E9F5biW4/Q7Tzn11wMwwluDGix8ANdnD
V7+EzFmATH5B0r/Ja47T7bdiVUAFpRinvxjlDLdQ+kTItY/cRJjocmAxk4ceju9O
evqEeB5tdrpeWharuLe4P0zDIxCJARUDBRAzkjQe7IvUsNfcn30BAZYDB/wMuYkg
BPpbgJLsT4Vj6q2o5XbRAd0wz3uOnj/fA5zxUAPDZYnHb8ZmqEt3P8qTPdvw9taO
SL7wjLqgkl3DR3HQ6Jh0poU2wYu7r9oJ5YdmWRdu8OMl0z2nXfoMq2vGjuxUegsf
o76ZYbNOrmcTmyL7USpWPGDXJ2/sGfTqqpx8V8pmRZpnxyyfntentCEsHW/pGdr5
86ZtCIVnSZ0/Dsy3lZoppyDp2F0YCpqNiyBBBF9PqhOSaITQUoBBh43GFUNVfdH4
f87SI4h+4QGJ3K2EQOv3qM+yXHvZDOHegX0Et52PBWHpqADUuzVXO4rwCvd3GW9M
ah96J0Cj1kOfZcOaiQCVAwUQMzFXr/MF2+rAU+UdAQG3cwQAyBi8WgfDZmsnqbuY
AXCPRuIRaW5U/nJrQ1oZtHjSwdvDlbGkjMMNKw3hVlvnT4kHBAhy9VIIDRzb3tO3
4CKn8ZxLbRq0+MMVo0D44USIehiFgj7vfsa0h3Uwd6lWDp/a8JzIWP25c6nTIT+o
8qJe+kWw+5D0j2aVl8LIJ9zAWWmIRgQQEQIABgUCNGCMywAKCRATyfjPT6gpFcXN
AJ4jo034rZDpdd8PVSN3kYudRFUXigCeIa/EaRHjpxwqgl9gKfLqm3bRTUKJAO0D
BRAznx7EGxeJoBZrft0BAauABrsGDlV56j2z7sJxqnLm5rTRKctlDLFWJQq6JYzG
Ejg06e41qoKVQdyxaOh83ZCZwxDWYNMt+6TaDtsm3/ZS5j44pxlV/VZRObCnBRLJ
GUhoLAemEl6SRH2mWkCOs7HZkQ7eLnLTCa2gM3X/zc57aMSDDiGI2O6NJ8FUVW21
tvZ6wirz58NcrSsO9mbt4Fl/YniQl4XY11gP+Q8PKHasvLsWouYnRrV2oj+1zYKI
p/HxyHjqJUHSdo+QfC8ISmlHP1cQXyqQydU6VBjTlbepvXuSCuQkjfdDT2CIPwMF
EDN9hadf+9cfglRj5hECs7cAoItmrpyNRp1Iw3Har9KE7QXu3K0oAJ9uFHw1CzLJ
75TZfR10Em9HDm1VBIhGBBARAgAGBQI1x+dcAAoJEGU5iQSM6LaTC8EAn0Y3Ja4c
gaJJ4/inUWESNXPz80qkAKCQiyODevb2XjceoJlmPLc1UmVKD4kAogMFEDOfHuB6
rtRInhTs1QEBbLIEYgLnSU4b+lfgTqLQ201eld8W5OzhMlTHC7pLrzQcOro3Hzzx
29I+3OXZdDq3cbL3tqaLR3qu/wA+uGH1mcMS4avWHNLbrtyuo75TH/UdOiy9SWH4
QII3i3AbaSlYNr3pV3xk3H4SwROw15VZ+qLBIjkI3/58Ee67PBNhYC5/5WrXNRmq
1kyPrhqj3wA6DYhKBBARAgAKBQI3bTe2AwUBeAAKCRAoM8elNrriZ/FtAKChcev3
4dHo1V+bgTGXOfGrzlZaOwCgj5JXylv4fF2oJpIkrbaaDnGHGvyJAJUDBRAzudTX
O8yObFXHiw0BAcJOA/9XJ3Xy9lbwwVuwPNfPTP3BLPUDZnreLSzw0k0yQfF+xec5
b6b6xPlQBPC3B0QdelsN0ITiKVQolb1oNeibjhc5sV9puO0+yvmF7hbtUq1n1Qr+
w6kAneVPLeigPEr6N1NFUZFa0enEgZ2m0pdOOsoF6T0KA40mXqJD8gAsRDv144g/
AwUQNzomXF2dwfFxPryjEQJgdACbBPwEIOX/TleWictILJDr0aWmIkIAn3VNtJlZ
6otb/9b3egXWGeNXJUGMiQEgBBABAQAKBQI3bTbSAwUBeAAKCRBemzUTXiis8xPm
B/9JR4ORjEEWrQEc3ly2UjBAnWOdVl1KakDY2E1LtjiWdTbRlm2BTSAgNitMlcXw
5yKK9BIuTpFX5hI5jvImPmUlWnrifOEUzhxZBu+fBUrQVgNIQYS19yrR3R6gVWSL
BbA9cWM8DH+v5aArWS8HadQfpAO5xNNfRdAoLGNEOYeeuTmI/iN+B9b8HKIXMw08
YAQq+NNL9himDL/I85J/gqlcUOT+bIzM4rsuBkc4gu+WyqGdAKJ4sDHPaGijQDP0
2/s0Mh/+RcbBbHL1BxkQu7Gz3BaDKddU7ZMivyInYOZ/3/1NAwxY4or6dXqy/Svx
nF1OjfxrMwmO96q/T7NXsGLetCVSb2JlcnQgQS4gSGV0dGluZ2EgPHJhaEBwaGls
b2RveC5jb20+iD8DBRA3OiqnXZ3B8XE+vKMRArO9AKCLg9oHJBCge5vWJPKSlBCG
xtXolQCeK4RRFBTN2sHwCbex0cn2l06LOaSJARUDBRA1CvZWxQIbDGZZweEBATBO
CACLOjRTXx+3yhHpVjQ7fniKzF3bfDTqbZdGHIMFbDCGEBbxuxnuLoW2zX5wCP8Y
/8xABAApZ5ARxGmbmWp3iZHhlpNcF+88x5roJcoKPfxA9C9K/FPLQjmJVHjAv505
ej6qfOc6VQfAofzprdAseH7YthUoKPNtKwKjuZW/3tqS8F4ywsJXgu58781RROIH
+Hs7p7L/YxKYSS/11gaKURHYEz0OfQBRomFPYV3Ndw2tcxWIiEP3DkQPgNW1sI2A
h2xykM8fe3GJzBpurzucnW1U1Wiy3qRQDqk8Lsmdtm+DziLvrqfJfSeNNs3SDQoE
cWQSzEfOiObsfODg7/+BUjKM
=sW18
-----END PGP PUBLIC KEY BLOCK-----





More information about the Gnupg-devel mailing list