Problems with gpgsm/dirmngr in gnupg-2.1.0-beta751

Jens Lechtenboerger lechten at wi.uni-muenster.de
Tue Sep 2 16:40:01 CEST 2014


On 2014-08-05, Werner Koch wrote:

> On Thu, 31 Jul 2014 10:26, bernhard at intevation.de said:
>
>> In our setups we prefer to run dirmnger as a system service,
>> you could try this variant and see if you get further.
>
> This changed with 2.1.  Dirmngr has been changed to be a proper part of
> GnuPG and it is started on demand by gpg or gpgsm.
>
> The LDAP code of the new dirmngr has not been well tested, though.

The problem still persists with beta783, and is actually in the HTTP
code:

crl_fetch calls http_open_document with NULL as session, which in
turn calls http_open.  If I understand correctly, session is only
useful for HTTPS connections, while the attempt to download the CRL
is via HTTP.  Thus, session should not be accessed at all.

However, http_open calls http_session_ref, dereferencing the NULL
session.  A quick fix is to add a NULL check to http_session_ref.
A better solution might be to use session only for HTTPS
connections.  (Actually, no HTTP open should work right now, unless
it is passed a bogus session.)

Best wishes
Jens



More information about the Gnupg-devel mailing list