[PATCH] python: Fix crash by leaving struct members intact

Justus Winter justus at gnupg.org
Mon Mar 5 15:13:16 CET 2018


Tobias Mueller <muelli at cryptobitch.de> writes:

> * lang/python/setup.py.in: Copy gpgme.h instead of parsing it.
> --
> The python bindings tried to parse deprecated functions
> out of gpgme.h. This fails for the current gpgme.h in
> that it removes an entire field in the key sig struct (_obsolete_class).
> Hence, the fields were off by an int and the bindings accessed struct
> members via the wrong offset. That caused the python program to crash.
> At least on 32bit platforms, the crash can be easily triggered by
> accessing key.uids[0].signatures. On 64bit platforms the compiler
> probably aligns the struct so that the missing 4 bytes are not noticed.
>
> With this change, the python bindings will expose all functions
> that gpgme exposes, including the deprecated ones.

Some context:  Previously, the bindings filtered out deprecated
functions using a regular expression when generating the low-level
bindings using SWIG.  This is what you see as e.g. gpg.core.gpgme, a
thin autogenerated wrapper around libgpgme.

(Disclaimer: We inherited this from pyme).

So the bindings then put a layer of sugar on top of those low-level
bindings to make them more idiomatic.  This layer consists of
hand-written functions that carry docstrings.  This is what we want
people to use, and this is also what people will discover when they play
around with the bindings in ipython.

The bindings actually synthesize wrapper functions on demand.  E.g. if I
were to create a context, c = gpg.Context(), I could say
c.op_assuan_result and it would wrap gpgme_op_assuan_result.

(Disclaimer: We also inherited this from pyme).

This is one of the deprecated functions.  Without this patch, accessing
c.op_assuan_result would fail, with it, it succeeds.  I don't know
whether or not using that function from python is sensible or even
possible, but that is what happens.


So the cost of applying this patch is to expose some deprecated
functionality that people could suddenly use if they really wanted to.

However, the current state is worse, because clearly parsing and
modifying C using regular expressions cannot work reliably, and in fact
this is a real problem, e.g.:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884900

When in doubt, don't lie to your compiler ;)


Justus
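
The offset shift described in the quoted commit message, as an added example that is not part of the original mail or of gpgme. It models a simplified, constructed struct tail (only `_obsolete_class` is named on the page; the other fields, the helper names and the sample values are assumptions) and compares where the library stores `uid` with where a wrapper generated from the filtered header reads it, on ILP32 and LP64.

```python
import struct

# Constructed, simplified tail of a key-signature struct: (name, C type).
# A model for illustration only, not the real gpgme.h declaration.
FULL = [("timestamp", "long"), ("expires", "long"), ("status", "uint"),
        ("_obsolete_class", "uint"), ("uid", "ptr")]

# For these scalar types size == alignment on the two common data models.
ABI = {
    "ILP32": {"long": 4, "uint": 4, "ptr": 4},
    "LP64": {"long": 8, "uint": 4, "ptr": 8},
}

def layout(fields, abi):
    """Return {field: offset}, padding each field to its natural alignment."""
    offsets, pos = {}, 0
    for name, ctype in fields:
        size = ABI[abi][ctype]
        pos = (pos + size - 1) // size * size  # round up to alignment
        offsets[name] = pos
        pos += size
    return offsets

def strip_field(fields, name):
    """Model a text filter deleting one member from the header."""
    return [f for f in fields if f[0] != name]

def uid_shift(abi):
    """Bytes between the library's uid offset and the wrapper's uid offset."""
    lib = layout(FULL, abi)
    wrapper = layout(strip_field(FULL, "_obsolete_class"), abi)
    return lib["uid"] - wrapper["uid"]

def read_uid_as_wrapper(abi, uid_value, class_value):
    """Fill the struct as the library lays it out, read uid where the wrapper looks."""
    lib = layout(FULL, abi)
    wrapper = layout(strip_field(FULL, "_obsolete_class"), abi)
    psize = ABI[abi]["ptr"]
    fmt = "<I" if psize == 4 else "<Q"
    buf = bytearray(lib["uid"] + psize)
    struct.pack_into("<I", buf, lib["_obsolete_class"], class_value)
    struct.pack_into(fmt, buf, lib["uid"], uid_value)
    return struct.unpack_from(fmt, buf, wrapper["uid"])[0]
```

On ILP32 the wrapper reads the integer stored in `_obsolete_class` and treats it as the `uid` pointer; on LP64 the padding before the 8-byte pointer absorbs the missing 4 bytes, so the two layouts agree for this field.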