[PATCH 5/5] gpg: Fix regexp sanitization.

John O'Meara john.fr.omeara at gmail.com
Wed Jul 19 14:55:34 CEST 2017

Quoth Justus Winter <justus at g10code.com> on Wed, 19 Jul 2017 13:22:29 +0200:

> Damien Goutte-Gattat <dgouttegattat at incenp.org> writes:
>> This patch updates the function to escape only the meaningful
>> characters (minus the dot).
> I'm not convinced that this patch is correct.  I'm not convinced that we
> should attempt any kind of sanitization at all.  This happens right
> before the expression is fed to the regex engine.  I could somehow
> understand that we do sanitization or try to suggest improvements when
> users enter an expression, but not when interpreting expressions found
> in keys.
> Imagine I have for some reason the expression 'foo.*\.org' in a trust
> signature, because I only want to match organisations starting with foo.
> RFC4880 seems to allow that aiui.  Your patch breaks that, but so does
> sanitize_regexp as it is now.
> I don't see how and why we should do any sane sanitization at all.
> Discuss!

As I see it, the problem is that the OpenPGP regex dialect
(from RFC4880) is different than the one that POSIX uses. I
can see 3 options for dealing with the difference:

 1: Implement the RFC4880 dialect ourselves. This seems
    error prone and a 'reinvention of the wheel'.

 2: Utilize the regex implementation specified in RFC4880. I
    presume this wasn't done due to license incompatibility
    (but I don't actually know).

 3: Convert from RFC4880 regex dialect to POSIX dialect and
    then feed the result to the POSIX engine.
The latter is what I attempted in my January patch, and for
the purpose of covering cases like the 'foo.*\.org' case you
mention. For my own purposes, I needed to select 2 domains,
so I needed something like '(domA|domB)\.com', which my
patch also covered. (However, I didn't have any coded tests
for it)

I think option 2 would be the best, if possible, because
then there shouldn't be any weird corner cases to worry

I am happy in the short term for Damien's patches, since
they provide the testing foundation and the sanitation
update at least allows simple trust signatures to work now.

John O'Meara

More information about the Gnupg-devel mailing list