Source: gnupg2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: lykn...@debian.org

Dear maintainer,

The check for escaping characters in `write_status_text_and_buffer` is
written in `g10/cpr.c` as:

```c
          if (*s == '%' || *(const byte*)s <= lower_limit
              || *(const byte*)s == 127 )
```

Except `byte` is defined as an unsigned char, with non-printable values
exceeding 127.

Therefore, the check should be `>= 127` and not `== 127`.

Practically, this means that some non-printable characters are currently
not correctly escaped in a status output.

The following commands illustrate the bug:

```
mkdir -p /tmp/gpg
chmod 700 /tmp/gpg
echo test > /tmp/test.txt

cat << EOF > /tmp/key.txt
     Key-Type: RSA
     Key-Length: 4096
     Subkey-Type: RSA
     Subkey-Length: 4096
     Name-Real: Test key
     Name-Comment: comment
     Name-Email: t...@example.org
     Expire-Date: 0
     Passphrase: abc
     %commit
     %echo done
EOF
GNUPGHOME=/tmp/gpg gpg --batch --generate-key /tmp/key.txt

GNUPGHOME=/tmp/gpg gpg --set-notation \
  "t...@example.org=This is a non-printable char [$(printf "\x8c")]" \
  --clearsign /tmp/test.txt

GNUPGHOME=/tmp/gpg gpg --status-fd 1 --with-colons \
  --verify /tmp/test.txt.asc | cat -A
```

This outputs:

```
[GNUPG:] NOTATION_DATA This%20is%20a%20non-printable%20char%20[M-^L]$
```

While with the proposed patch, it encodes correctly to:

```
[GNUPG:] NOTATION_DATA This%20is%20a%20non-printable%20char%20[%8C]$
```

Best,

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.11-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

-- 
Baptiste Beauplat

diff -Nru gnupg2-2.2.43/debian/patches/Escape-char-127-in-write_status_text_and_buffer.patch gnupg2-2.2.43/debian/patches/Escape-char-127-in-write_status_text_and_buffer.patch
--- gnupg2-2.2.43/debian/patches/Escape-char-127-in-write_status_text_and_buffer.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnupg2-2.2.43/debian/patches/Escape-char-127-in-write_status_text_and_buffer.patch	2024-06-23 14:16:58.000000000 +0200
@@ -0,0 +1,21 @@
+From: Baptiste Beauplat <lykn...@debian.org>
+Date: Sun, 23 Jun 2024 14:16:44 +0200
+Subject: Escape char >= 127 in write_status_text_and_buffer
+
+---
+ g10/cpr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/cpr.c b/g10/cpr.c
+index bc4b715..cd4301d 100644
+--- a/g10/cpr.c
++++ b/g10/cpr.c
+@@ -331,7 +331,7 @@ write_status_text_and_buffer (int no, const char *string,
+       for (esc=0, s=buffer, n=len; n; s++, n--)
+         {
+           if (*s == '%' || *(const byte*)s <= lower_limit
+-              || *(const byte*)s == 127 )
++              || *(const byte*)s >= 127 )
+             esc = 1;
+           if (wrap && ++count > wrap)
+             dowrap=1;
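Review bot: The patch header between the `Subject:` line and the `---` separator is empty, so the file added under `debian/patches` does not explain why `== 127` was wrong and carries no reference to the bug report or to its upstream forwarding status; a short description plus the usual Debian patch header fields would cover that. On the changed condition itself, `*(const byte*)s >= 127` escapes every byte with the high bit set, which includes each byte of a multi-byte UTF-8 sequence, so the description should state that this is the intended behaviour for consumers of the status output.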
diff -Nru gnupg2-2.2.43/debian/patches/series gnupg2-2.2.43/debian/patches/series
--- gnupg2-2.2.43/debian/patches/series	2024-06-01 01:22:29.000000000 +0200
+++ gnupg2-2.2.43/debian/patches/series	2024-06-23 14:16:58.000000000 +0200
@@ -28,3 +28,4 @@
 restore-nl.po.patch
 from-upstream/scd-openpgp-Fix-PIN-pin2hash_if_kdf.patch
 from-master/gpg-Report-BEGIN_-status-before-examining-the-input.patch
+Escape-char-127-in-write_status_text_and_buffer.patch
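Review bot: The new `series` entry is named `Escape-char-127-in-write_status_text_and_buffer.patch`, which reads as if only byte 127 were affected, while the patch Subject says `>= 127`; a name that reflects the range would avoid confusion. The entry also sits at the top level of the patch directory, whereas the two entries above it are filed under `from-upstream/` and `from-master/`, so it is worth stating whether the change has been sent upstream.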

Attachment: signature.asc
Description: This is a digitally signed message part
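
The following is an added example, not part of the original report and not GnuPG's code: a simplified C model of the escaping condition quoted from `g10/cpr.c`, run with the old `== 127` test and the patched `>= 127` test over a constructed string containing byte 0x8C. The names `needs_escape_before`, `needs_escape_after` and `escape_status` are hypothetical, and `lower_limit` is assumed to be a space, matching the `%20` in the report's output.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char byte;

/* Old check: of the bytes above the printable range, only 127 is escaped. */
static int needs_escape_before(byte c, byte lower_limit)
{
  return c == '%' || c <= lower_limit || c == 127;
}

/* Patched check: 127 and every byte above it is escaped. */
static int needs_escape_after(byte c, byte lower_limit)
{
  return c == '%' || c <= lower_limit || c >= 127;
}

/* Percent-escape buf into out (NUL-terminated).  Returns the number of
   bytes >= 128 that were copied through raw, or -1 if out is too small. */
static int escape_status(const char *buf, size_t len, byte lower_limit,
                         int (*needs_escape)(byte, byte),
                         char *out, size_t outsize)
{
  size_t o = 0;
  int raw_high = 0;
  if (!outsize)
    return -1;
  for (size_t i = 0; i < len; i++)
    {
      byte c = (byte)buf[i];
      if (o + 4 > outsize)          /* room for "%XX" plus the NUL */
        return -1;
      if (needs_escape(c, lower_limit))
        o += (size_t)snprintf(out + o, 4, "%%%02X", (unsigned)c);
      else
        {
          out[o++] = (char)c;
          raw_high += (c >= 128);   /* non-ASCII byte leaked unescaped */
        }
    }
  out[o] = '\0';
  return raw_high;
}

int main(void)
{
  const char note[] = "char [\x8c]";   /* constructed sample input */
  char out[64];
  int raw = escape_status(note, strlen(note), ' ', needs_escape_before, out, sizeof out);
  printf("before: %d raw high byte(s)\n", raw);
  raw = escape_status(note, strlen(note), ' ', needs_escape_after, out, sizeof out);
  printf("after:  %s (%d raw high byte(s))\n", out, raw);
  return 0;
}
```

A parser that consumes status lines can use the same count as a sanity check: any raw byte >= 128 in a status field means the producer did not escape it.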
