URL: <https://savannah.gnu.org/bugs/?68020>
Summary: Incorrect parsing of 2-octet OpenPGP Format Packet Lengths
Group: GNU GRUB
Submitter: shoesoft
Submitted: Thu 05 Feb 2026 10:05:40 PM UTC
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Unlocked
Release: Git master
Release:
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Thu 05 Feb 2026 10:05:40 PM UTC By: shoesoft <shoesoft>
I have embedded a public GPG key with grub-mkimage --pubkey. Booting fails
with "error loading initial key: bad signature".
The problem occurs when parsing 2-octet OpenPGP Format Packet Lengths. RFC
9580 says:
> 4.2.1.2. 2-Octet Lengths
>
> A 2-octet Body Length header encodes a length of 192 to 8383 octets. It is
> recognized because its first octet is in the range 192 to 223. The body
> length is equal to:
>
> bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
GRUB code does not account for the final 192. Note that the problem does not
occur with keys exported by gnupg. gnupg exports keys using the legacy packet
format, not the "new" OpenPGP format.
The following change fixes the problem for me:
--- a/grub-core/commands/pgp.c
+++ b/grub-core/commands/pgp.c
@@ -95,6 +95,7 @@ read_packet_header (grub_file_t sig, grub_uint8_t *out_type,
grub_size_t *len)
if (grub_file_read (sig, &l, sizeof (l)) != 1)
return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad signature"));
*len |= l;
+ *len += 192;
return 0;
}
if (l == 255)
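Review bot: the addition `*len += 192;` sits right after `*len |= l;`, but the line that seeds `*len` from the first octet lies outside the visible context, so this hunk alone does not show that `*len` already holds `(1st_octet - 192) << 8` as the RFC 9580 section 4.2.1.2 formula quoted in the report requires; please include those preceding context lines in the submission so the full `bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192` computation can be checked, and add a one-line comment citing that formula next to the new line so the bare constant 192 is not read as a magic number. Since the report notes that gnupg exports keys in the legacy packet format, a regression test with a key whose packets use the new format would be needed to actually exercise this branch.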
_______________________________________________________
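As an added example that is not part of the report or of GRUB's own code, the following C function decodes all four new-format length header forms from RFC 9580 section 4.2.1 (going beyond the 2-octet case the report covers) and keeps the 2-octet arithmetic without the final 192, as the report describes GRUB's current behaviour, beside it for comparison; the function and struct names and the sample octets in the comments are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
/* Decoded length header (names are this example's own, not GRUB's). */
struct pgp_len {
    uint32_t body_len; /* body length, or chunk size for a partial length */
    int partial;       /* 1 for a Partial Body Length header (224..254) */
};
/* Decode one new-format length header (RFC 9580 section 4.2.1).
 * Returns the number of header octets consumed, or -1 on a short buffer. */
int pgp_decode_new_length(const uint8_t *in, size_t avail, struct pgp_len *out)
{
    if (avail < 1) return -1;
    uint8_t first = in[0];
    out->partial = 0;
    if (first < 192) {               /* 4.2.1.1: one octet, 0..191 */
        out->body_len = first;
        return 1;
    }
    if (first <= 223) {              /* 4.2.1.2: two octets, 192..8383 */
        if (avail < 2) return -1;
        /* The trailing "+ 192" is the term the report says GRUB omits. */
        out->body_len = ((uint32_t)(first - 192) << 8) + in[1] + 192;
        return 2;
    }
    if (first == 255) {              /* 4.2.1.3: five octets, 32-bit length */
        if (avail < 5) return -1;
        out->body_len = ((uint32_t)in[1] << 24) | ((uint32_t)in[2] << 16)
                      | ((uint32_t)in[3] << 8) | in[4];
        return 5;
    }
    out->partial = 1;                /* 4.2.1.4: partial, 1 << (octet & 0x1F) */
    out->body_len = (uint32_t)1 << (first & 0x1F);
    return 1;
}

/* Convenience wrapper: the decoded length, or -1 on a short buffer. */
int64_t pgp_body_len(const uint8_t *in, size_t avail)
{
    struct pgp_len r;
    return pgp_decode_new_length(in, avail, &r) < 0 ? -1 : (int64_t)r.body_len;
}

/* The 2-octet arithmetic as the report describes GRUB's current code, i.e.
 * without the final 192 (constructed for comparison): the constructed header
 * C0 00 decodes to 0 here and to 192 in pgp_decode_new_length above. */
uint32_t pgp_buggy_two_octet(const uint8_t *in)
{
    return ((uint32_t)(in[0] - 192) << 8) | in[1];
}
```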