gpg --list-packets on specific file causes EOF infinite loop

Bug #595553 reported by icub3d
This bug affects 1 person
Affects: GnuPG. Status: Fix Released. Importance: Unknown.
Affects: gnupg (Ubuntu). Status: Fix Released. Importance: Undecided. Assigned to: Unassigned.

Bug Description

Binary package hint: gnupg

I have an encrypted file that I'm trying to get packet information from. When I run the file using gpg --list-packets, I get an infinite loop of EOFs. Here is the gpg version information:

$ gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Here is a sample of the output:

$ gpg --list-packets blah.gpg
:pubkey enc packet: version 3, algo 16, keyid 8158B8738374392C
 data: [1023 bits]
 data: [1023 bits]
:trust packet: flag=e9 sigcache=00
:unknown packet: type 41, length 2624801341
dump: 6e 6f 76 7d ac fa f6 7d 84 49 a9 39 ce 47 7b 76 48 7b ff 34 75 c6 1b b1
  24: ac 38 f3 8e 4f 12 ca 1e ca aa 97 57 97 cc ed 18 31 a5 77 19 83 f1 de d9
  48: 39 80 a3 a6 d4 c0 93 bf 7e 2a 1b b2 78 9a 67 24 3d fd 9d 74 c7 71 3b fe
  72: 6a 34 e8 ce b3 8c c0 c2 41 c7 5c a3 58 bd d2 dd 75 9b 83 74 c7 90 05 2c
  96: 87 40 e9 14 e3 37 49 07 70 dc 1c 81 4c 08 cb 35 fd 30 1b df ff 46 6f 97
 120: 07 2a 46 c9 bf ee 53 67 f0 7c fb 30 6e cf 7d 21 3b fc 90 0b e1 2e 9f 0f
 144: 8a 14 9e 3a d6 d5 00 b2 40 64 d6 20 29 f7 31 9f 45 32 94 3f 88 c1 0b 0b
 168: 20 64 dd 0e e7 d7 b2 6f c5 90 26 ec 94 30 a9 72 c0 ae 26 61 8c 10 a5 c4
 192: 06 aa c1 f3 a3 0d 0a 43 11 38 75 52 2d ee 0c 98 42 dc b4 c0 71 ad 1b 8e
 216: 22 11 35 d2 af 2c f0 ba 77 81 94 32 1e f4 3e 40 71 17 88 85 d2 27 73 5c
 240: 48 16 30 e2 3e da c4 33 0f 11 83 2c 5a 53 5d 87 df a3 d5 ff a9 6a dd 1d
 264: f0 8c b1 43 e7 61 8c 2c 56 53 f2 a6 36 2f 85 b8 a7 94 d9 9e 2a 6e 9a 7e
 288: a4 dc 62 bc 36 25 71 ab 06 06 04 f8 53 a4 c0 ed bd 2b 55 ed b5 a5 52 80
 312: 90 bc 0b d7 51 60 f7 f1 57 7c 26 d9 82 bd 52 26 6c 1c 2f 94 1c 78 47 7e
 336: bd bc 31 c8 3c 98 02 8b 34 ba c7 86 77 0f 14 b7 c0 7e 3b c1 0c 0e 56 6c
 360: eb 75 23 a5 9d 0b de 2d 81 3f c0 f9 a0 ba 55 18 bc 23 7f c9 54 49 a2 e9
 384: 4c 66 41 7a d1 a2 45 49 2f d6 59 4d c0 e9 36 ff c2 3e 70 11 0e 26 51 90
 408: 79 fe 16 ff d9 38 49 5c 79 4e 2f c8 da a8 ac c6 54 c3 55 ee b9 ea 38 6d
 432: dd 4b 7a e3 d5 32 7d 88 e2 b5 9e 55 fa ff ae 77 e9 aa 6a 8d 21 39 e8 0c
 456: f1 df b7 15 85 9b ef be 5d 5f 0d 0a 4a 2a 7d e5 0e 18 e8 54 a2 ba bc 5a
 480: 67 3b 8f a4 0e 9e 2f 0b e7 48 7f 56 d4 37 39 55 51 b2 3b 05 64 b9 81 e4
 504: 44 c3 3d a2 44 4f 11 d9 ae 48 80 5a a3 d0 36 c6 77 d0 89 7a bc e1 88 14
 528: df 2b b0 f8 a3 69 2d fe bb 22 c5 d5 a6 85 f7 ef 19 2d c1 cb 29 e0 d2 e8
 552: d2 0c 16 d6 b2 d7 1f 4f e9 14 fc c2 88 64 89 f2 cc da 9a 6a c8 ec 70 20
 576: 7c f1 d1 35 b5 a1 77 1c 7f e9 f1 0f 89 9f 08 19 f1 6c fb 72 23 23 9e 61
 600: 47 78 fb 24 14 52 c7 9d e2 3c fe d3 63 86 16 0e 5a 96 2b d4 ec dd f0 e8
 624: 9f 7e 39 d7 ad 26 ee 2b 9b 76 e9 d3 ee bf 49 f4 96 bb b6 b6 c4 28 20 f7
 648: 24 e4 a0 fe a7 2b 07 c1 8e 88 5d 83 c9 ec 0d 0a e8 c9 de d7 54 42 4d b2
 672: 9f 88 46 7b a6 be 12 12 48 17 e0 9a 82 77 86 c6 9e 27 76 2c c5 41 4a f1
 696: ea ec 2f 29 d3 ef 8b 18 31 36 3b 13 ec fb b7 1e 38 6b ea 83 30 41 aa 1f
 720: 67 61 00 1a ca 5f d3 ab fd a6 2a 0d 0a bd 23 66 EOF EOF EOF EOF EOF EOF EOF EOF
 744: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 768: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 792: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 816: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 840: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 864: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 888: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 912: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 936: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 960: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
 984: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1008: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1032: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1056: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1080: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1104: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1128: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1152: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF
1176: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF

This seems to continue on forever. I've let it run for several minutes and it just keeps producing line after line of EOF. The number up front continues to increment.

If I run it in GDB and press Ctrl+C, here is what I get:

Program received signal SIGINT, Interrupt.
0xb7fe2430 in __kernel_vsyscall ()
(gdb) where
#0 0xb7fe2430 in __kernel_vsyscall ()
#1 0xb7ecce83 in __write_nocancel () at ../sysdeps/unix/syscall-template.S:82
#2 0xb7e761c4 in _IO_new_file_write (f=0xb7f654e0, data=0xb7c6f000, n=106)
    at fileops.c:1276
#3 0xb7e75e4f in new_do_write (fp=0xb7f654e0,
    data=0xb7c6f000 "161640: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF\n", to_do=106) at fileops.c:530
#4 0xb7e76166 in _IO_new_do_write (fp=0xb7f654e0,
    data=0xb7c6f000 "161640: EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF\n", to_do=106) at fileops.c:503
#5 0xb7e76c4d in _IO_new_file_overflow (f=0xb7f654e0, ch=-1) at fileops.c:881
#6 0xb7e75f98 in _IO_new_file_xsputn (f=0xb7f654e0, data=0x80fc5cb, n=1)
    at fileops.c:1358
#7 0xb7e4bd1e in _IO_vfprintf_internal (s=0xb7f654e0,
    format=0x80fc5cb "\n%4d:", ap=0xbfffec7c "\200w\002") at vfprintf.c:1333
#8 0xb7eefddd in ___fprintf_chk (fp=0xb7f654e0, flag=1,
    format=0x80fc5cb "\n%4d:") at fprintf_chk.c:37
#9 0x0806ac99 in fprintf (c=-1, i=0xbfffecfc) at /usr/include/bits/stdio2.h:98
#10 dump_hex_line (c=-1, i=0xbfffecfc) at parse-packet.c:561
#11 0x0806f7ac in skip_packet (inp=0x8126948, pkt=<value optimized out>,
    onlykeypkts=<value optimized out>, retpos=0x0, skip=0xbfffedbc, out=0x0,
    do_skip=0, dbg_w=0x80fcce8 "parse", dbg_f=0x80fa500 "mainproc.c",
    dbg_l=1236) at parse-packet.c:625
#12 parse (inp=0x8126948, pkt=<value optimized out>,
    onlykeypkts=<value optimized out>, retpos=0x0, skip=0xbfffedbc, out=0x0,
    do_skip=0, dbg_w=0x80fcce8 "parse", dbg_f=0x80fa500 "mainproc.c",
    dbg_l=1236) at parse-packet.c:546
#13 0x0806ffd0 in dbg_parse_packet (inp=0x8126948, pkt=0x81246b0,
    dbg_f=0x80fa500 "mainproc.c", dbg_l=1236) at parse-packet.c:162
#14 0x08063497 in do_proc_packets (c=0x8128a90, a=<value optimized out>)
    at mainproc.c:1236
#15 0x08063909 in proc_packets (anchor=0x0, a=0x8126948) at mainproc.c:1170
#16 0x0805016e in main (argc=1, argv=0xbffff28c) at gpg.c:3983

I've been able to reproduce this on a RHEL4 box as well using version 1.4.9 of gpg. The file causing the issue is attached. It could very well be that the file is corrupt, but I wouldn't expect gpg to behave that way on a corrupted file. If I pass it a non-encrypted file, I get a valid error stating it isn't encrypted. I would expect something similar.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gnupg 1.4.10-2ubuntu1 [modified: usr/lib/gnupg/gpgkeys_hkp usr/lib/gnupg/gpgkeys_curl]
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic-pae 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic-pae i686
Architecture: i386
Date: Thu Jun 17 08:56:42 2010
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: gnupg
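
The failure mode in the report, as an added C example (not GnuPG's code and not part of the original report): a hex-dump loop that counts down the length declared in the packet header keeps emitting EOF once the input runs out, while a loop that checks each read stops and flags the packet as truncated. The reader struct, the function names and the declared length of 1000 are assumptions made for the illustration; the eight sample bytes are the first bytes of the dump above.

```c
#include <stdio.h>

/* Constructed in-memory input; get_byte() returns -1 once it is exhausted. */
struct reader { const unsigned char *buf; size_t len, pos; };

static int get_byte(struct reader *r) { return r->pos < r->len ? r->buf[r->pos++] : -1; }

/* Emit one item, 24 per line, in the style of the listing above (out may be NULL). */
static void dump_item(FILE *out, int c, unsigned long i)
{
    if (!out) return;
    if (i && i % 24 == 0) fprintf(out, "\n%4lu:", i);
    if (c == -1) fputs(" EOF", out); else fprintf(out, " %02x", c);
}

/* Driven only by the declared length: after the input ends, every further
   iteration emits "EOF" until the counter taken from the header hits zero. */
unsigned long dump_trusting_length(struct reader *r, unsigned long pktlen, FILE *out)
{
    unsigned long i = 0;
    for (; pktlen; pktlen--)
        dump_item(out, get_byte(r), i++);
    return i;
}

/* Bounded form: stop at the first end-of-input and flag the packet as truncated. */
unsigned long dump_checked(struct reader *r, unsigned long pktlen, FILE *out, int *truncated)
{
    unsigned long i = 0;
    *truncated = 0;
    for (; pktlen; pktlen--) {
        int c = get_byte(r);
        if (c == -1) { *truncated = 1; break; }
        dump_item(out, c, i++);
    }
    return i;
}

int main(void)
{
    /* First eight bytes of the dump above; 1000 is a constructed declared length. */
    static const unsigned char body[] = {0x6e,0x6f,0x76,0x7d,0xac,0xfa,0xf6,0x7d};
    struct reader a = { body, sizeof body, 0 }, b = { body, sizeof body, 0 };
    int trunc;
    unsigned long n1 = dump_trusting_length(&a, 1000UL, NULL);
    unsigned long n2 = dump_checked(&b, 1000UL, stdout, &trunc);
    printf("\ntrusting: %lu items, checked: %lu items, truncated=%d\n", n1, n2, trunc);
    return 0;
}
```

With the declared length of 2624801341 shown in the output above, the first loop would run that many iterations over a file whose data ends shortly after offset 720.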

Changed in gnupg:
status: Unknown → New
Changed in gnupg:
status: New → Fix Released
Thijs Kinkhorst (kink) wrote:

Fixed at least in 1.4.11

Changed in gnupg (Ubuntu):
status: New → Fix Released