AW: gpgme_op_decrypt segfault

Schultschik, Sven sven.schultschik at siemens.com
Mon Jun 28 21:37:58 CEST 2021 

Hello all together,

I have created a small Applikation to zip and encrypte and vise versa.

I struggle at the point of          err = gpgme_op_decrypt(ctx, in, out); 
Which terminates with an segfault if not sufficient access rights are
available. If I run with sudo it works as expected.

The segfault is not catchable, I tried.

Am I doing something wrong or is this a bug in the lib? I would expect a
catchable exception.

Here is a little code snippet from the application.

int decryptBackup(string backupname, string webpw)
{
    fprintf(stderr, "Decrypte backup start\n");
    filesystem::path encryptedFullBackupPath;
    try
    {
        encryptedFullBackupPath = getFullBackupPath(backupname, true);
    }
    catch (exception &ex)
    {
        if (webpw != "")
        {
            throw ex;
        }
        return false;
    }

    gpgme_check_version(NULL);

    gpgme_ctx_t ctx;
    gpgme_error_t err;
    gpgme_data_t in, out;
    gpgme_decrypt_result_t result;

    init_gpgme();

    err = gpgme_new(&ctx);
    fail_if_err(err);
    gpgme_set_armor(ctx, 1);
    fprintf(stderr, "instream\n");
    FILE *instream;
    instream = fopen(encryptedFullBackupPath.c_str(), "r");
    if (instream == NULL)
    {
        throw runtime_error("Backup archive not found " +
encryptedFullBackupPath.string() + "\n");
    }
    err = gpgme_data_new_from_stream(&in, instream);
    fail_if_err(err, in, out, instream);
    fprintf(stderr, "outstream\n");
    filesystem::path fullBackupPath = getFullBackupPath(backupname, false,
false);
    FILE *outstream;
    outstream = fopen(fullBackupPath.c_str(), "w");
    err = gpgme_data_new_from_stream(&out, outstream);
    fail_if_err(err, in, out, instream, outstream);

    if (!(webpw.empty() || webpw == ""))
    {
        _pw = webpw;

        err = gpgme_set_pinentry_mode(ctx, GPGME_PINENTRY_MODE_LOOPBACK);
        fail_if_err(err, in, out, instream, outstream, fullBackupPath);

        gpgme_set_passphrase_cb(ctx, passphrase_cb, NULL);
    }
    fprintf(stderr, "gpgme_op_decrypt(ctx, in, out)\n");
    try{
         err = gpgme_op_decrypt(ctx, in, out);
    }catch (const char *msgc)
    {
        string msg = msgc;
        size_t found = msg.find("Segmentation");
        fprintf(stderr, "lib const char. %s\nFound %zi\n", msgc, found);
        if (found != string::npos)
            fprintf(stderr, "No permission.\n");
        else
            fprintf(stderr, "%s\n", msgc);
        exit(EXIT_FAILURE);
    }
    catch (const std::exception &e)
    {
        string msg = e.what();
        size_t found = msg.find("Segmentation");
        fprintf(stderr, "lib exception. %s\nFound %zi\n", msg.c_str(),
found);
        if (found != string::npos)
            fprintf(stderr, "No permission.\n");
        else
            fprintf(stderr, "%s\n", msg.c_str());
        exit(EXIT_FAILURE);
    }
    catch (...)
    {
        fprintf(stderr, "Unexcpected error!\n");
        exit(EXIT_FAILURE);
    }

    fail_if_err(err, in, out, instream, outstream);
    
    fprintf(stderr, "gpgme_op_decrypt_result(ctx)");
    result = gpgme_op_decrypt_result(ctx);

    if (result->unsupported_algorithm)
    {
        string err(result->unsupported_algorithm);
        throw runtime_error("Unsupported algorithm: " + err + "\n");
    }
    
    fprintf(stderr, "Decrypte backup closing");
    fclose(instream);
    fclose(outstream);
    gpgme_data_release(in);
    gpgme_data_release(out);
    gpgme_release(ctx);
    
    fprintf(stderr, "Decrypte backup return");
    return true;
}


Thank you 


Regards

Sven

-----Ursprüngliche Nachricht-----
Von: Gnupg-de <gnupg-de-bounces at gnupg.org> Im Auftrag von Bernhard Reiter
Gesendet: Montag, 14. Juni 2021 10:59
An: gnupg-de at gnupg.org
Betreff: Re: gpgme_op_decrypt segfault

Hallo 

Am Freitag 11 Juni 2021 17:12:58 schrieb Schultschik, Sven:
> err = gpgme_op_decrypt(ctx, in, out); einen nicht catchbaren 
> Segmentation fault schmeißt, wenn die user rechte nicht ausreichend sind.
>
> Sollte gpgme_op_decrypt nicht den err zurückgeben, wenn etwas schief geht?

prinzipiell würde ich das auch erwarten. Es kommt aber auch darauf an, da es
ja unendlich viele spannende Problemfälle geben kann, ist bei manchen ein
komplettes Aussteigen nicht ganz verkehrt. Manchmal ist auch soviel kaputt,
dass ein sinnvolles Fehlerberichten nicht möglich ist.

Wenn Du ein leicht nachvollziehbares Beispiel hast, dann lohnt es sich
vielleicht, das auf dev.gnupg.org zu berichten.

Gruß,
Bernhard

--
https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.intevat
ion.de%2F~bernhard&data=04%7C01%7Csven.schultschik%40siemens.com%7C7fe8a
2cb993f47eccb0908d92f12b183%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637
592580044549461%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=M9pAUowNtoP0mEgnegAWPeF2wEYm
AEKfCU3bRgg2FCI%3D&reserved=0   +49 541 33 508 3-3 Intevation GmbH,
Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank
Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 14944 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210628/8270941b/attachment-0001.bin>

More information about the Gnupg-users mailing list