[solved] Re: gpg 2.0.11 reports invalid packets on keys from gpg 1.4.9 and keyservers
Werner Koch
wk at gnupg.org
Tue May 26 10:29:21 CEST 2009
Hi!
An older libgcrypt actually showed the problem:
an mpi of size 0 is not allowed
an mpi of size 0 is not allowed
gpg: read_block: read error: Invalid packet
thus finding the bug was easy after John sent me the full bad key. The
bug is due to an inconsistency between Libgcrypt and and GnuPG-1.4.
That problem must have been there for many years and will be fixed in
Libgcrypt 1.5.0. For the time being I implemented a workaround in
GnuPG. It is already commited SVN to trunk; find a patch below.
Shalom-Salam,
Werner
--- g10/parse-packet.c (revision 5015)
+++ g10/parse-packet.c (working copy)
@@ -139,9 +139,19 @@
p[i+2] = iobuf_get(inp) & 0xff;
nread++;
}
- if ( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, nread, &nread ) )
- a = NULL;
-
+
+ if (nread >= 2 && !(buf[0] << 8 | buf[1]))
+ {
+ /* Libgcrypt < 1.5.0 accidently rejects zero-length (i.e. zero)
+ MPIs. We fix this here. */
+ a = gcry_mpi_new (0);
+ }
+ else
+ {
+ if ( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, nread, &nread ) )
+ a = NULL;
+ }
+
leave:
gcry_free(buf);
if ( nread > *ret_nread )
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel
mailing list