#3698: extract-keys crash
----------------------+----------------------
Reporter: muffins | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: crypto | Version: 1.5.23
Resolution: | Keywords:
----------------------+----------------------
Comment (by petr_p):
{{{
On Wed, Aug 06, 2014 at 12:45:26PM +0200, Petr Pisar wrote:
It crashes in gpgme when importing keys on reading the keys from a FILE* by fread(3):

#0  0x00007fe4057579df in fread () from /lib64/libc.so.6
#1  0x00007fe4060f8cf8 in stream_read (dh=0x2512530, buffer=0x251253c, size=4096) at data-stream.c:37
#2  0x00007fe4060f7c36 in gpgme_data_read (dh=0x2512530, buffer=0x251253c, size=4096) at data.c:93
#3  0x00007fe4060f8820 in _gpgme_data_outbound_handler (opaque=0x7fff7cb8f410, fd=9) at data.c:293
#4  0x00007fe4060fbe49 in _gpgme_run_io_cb (an_fds=0x2514108, checked=0, op_err=0x7fff7cb8f46c) at wait.c:219
#5  0x00007fe4060fca1d in _gpgme_wait_on_condition (ctx=0x2510e40, cond=0x0, op_err_p=0x0) at wait-private.c:115
#6  0x00007fe4060fcb6e in _gpgme_wait_one (ctx=0x2510e40) at wait-private.c:169
#7  0x00007fe406108a56 in gpgme_op_import (ctx=0x2510e40, keydata=0x2512530) at import.c:314
#8  0x00000000004925f1 in pgp_gpgme_extract_keys (keydata=0x2512530, fp=0x7fff7cb8f8b8, dryrun=0) at crypt-gpgme.c:1927
#9  0x0000000000492d0c in pgp_gpgme_invoke_import (fname=0x7fff7cb8f950 "/tmp/mutt-album-500-22474-4372607762126390852") at crypt-gpgme.c:2115
#10 0x0000000000498e17 in crypt_mod_pgp_invoke_import (fname=0x7fff7cb8f950 "/tmp/mutt-album-500-22474-4372607762126390852") at crypt-mod-pgp-gpgme.c:70
It's caused by this mutt crypt-gpgme.c code:
/* TODO: looks like this won't work and we'll have to fully parse the
 * message file. GPGME makes life hard yet again. */
void pgp_gpgme_invoke_import (const char *fname)
{
  gpgme_data_t keydata;
  gpgme_error_t err;
  FILE* in;
  FILE* out;
  long outlen;

  if (!(in = safe_fopen (fname, "r")))
    return;
  if ((err = gpgme_data_new_from_stream (&keydata, in)) != GPG_ERR_NO_ERROR)
  {
    dprint (1, (debugfile, "error converting key file into data object\n"));
    return;
  }
  safe_fclose (&in);

  if (!pgp_gpgme_extract_keys (keydata, &out, 0))
  [...]
}
The keydata is bound to `in', the key file `fname', but before
pgp_gpgme_extract_keys() can read the data from the file registered in
`in', mutt closes the FILE handle by safe_fclose().

Obviously one should call gpgme_data_release(keydata) before safe_fclose(&in),
and all of that after pgp_gpgme_extract_keys() returns. Unfortunately mutt
calls safe_fclose() only and only in one branch. So not only does it crash, but
there are memory leaks.
-- Petr
}}}
[attachment:"untitled-part.pgp"]
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3698#comment:7>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
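The comment above describes two defects at once: a stream handed to a data object is closed before the object reads from it (the fread(3) crash in the backtrace), and the single cleanup call sits in only one branch (the leaks). The following added example, written for this page and not taken from mutt or gpgme, shows the lifetime ordering the comment asks for: bind, consume, release the data object, then close the stream, with one cleanup path that runs for success and failure alike. `stream_data_t`, `consume_keydata()` and the two counters are hypothetical stand-ins for gpgme_data_t, gpgme_op_import() and leak accounting; the key block is a constructed placeholder, not a real key, and the example only counts bytes rather than parsing anything.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input: looks armored, but is a placeholder, not a real key. */
static const char SAMPLE_KEYBLOCK[] =
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "\n"
    "constructed-placeholder-not-a-real-key\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n";

/* Lifetime counters so a test can prove that no path leaks either resource. */
static int live_data_objects = 0;
static int open_streams = 0;
int live_data_object_count(void) { return live_data_objects; }
int open_stream_count(void) { return open_streams; }

/* Hypothetical stand-in for a gpgme_data_t bound to a FILE*: like gpgme's
 * data-stream.c it does NOT own the stream, it only reads through fread(3),
 * so the caller must keep the stream open for as long as this object lives. */
typedef struct { FILE *stream; } stream_data_t;

static int stream_data_new(stream_data_t **out, FILE *fp) {
    *out = calloc(1, sizeof **out);
    if (!*out) return -1;
    (*out)->stream = fp;
    live_data_objects++;
    return 0;
}

/* The read that crashed in the ticket: fread on a stream that must still be open. */
static size_t stream_data_read(stream_data_t *dh, void *buf, size_t size) {
    return fread(buf, 1, size, dh->stream);
}

static void stream_data_release(stream_data_t *dh) {
    if (!dh) return;            /* safe on the error path where it was never created */
    live_data_objects--;
    free(dh);
}

/* Stand-in for gpgme_op_import(): drains the data object in 4096-byte chunks
 * (the size visible in the backtrace) and returns the byte count; it parses nothing. */
static long consume_keydata(stream_data_t *dh) {
    char buf[4096];
    long total = 0;
    size_t n;
    while ((n = stream_data_read(dh, buf, sizeof buf)) > 0)
        total += (long)n;
    return ferror(dh->stream) ? -1 : total;
}

/* Correct ordering on every path:
 *   open -> bind data object -> consume -> release data object -> close stream.
 * Returns the bytes consumed, or -1 on error. */
long import_keys_from_file(const char *fname) {
    FILE *in = fopen(fname, "r");
    stream_data_t *keydata = NULL;
    long total = -1;

    if (!in) return -1;
    open_streams++;

    if (stream_data_new(&keydata, in) != 0)
        goto cleanup;                      /* error converting key file into data object */

    total = consume_keydata(keydata);      /* reads through `in`, which is still open here */

cleanup:
    stream_data_release(keydata);          /* first: nothing references `in` any more */
    fclose(in);                            /* then: close the stream, on every path */
    open_streams--;
    return total;
}

/* Writes the constructed sample to `path` so the import can be exercised offline. */
int write_constructed_keyfile(const char *path) {
    FILE *fp = fopen(path, "w");
    size_t len = strlen(SAMPLE_KEYBLOCK);
    if (!fp) return -1;
    if (fwrite(SAMPLE_KEYBLOCK, 1, len, fp) != len) { fclose(fp); return -1; }
    return fclose(fp) == 0 ? 0 : -1;
}

int main(void) {
    const char *path = "/tmp/keyfile-example-constructed.asc";  /* hypothetical path */
    if (write_constructed_keyfile(path) != 0) return 1;
    printf("imported %ld bytes, live data objects: %d, open streams: %d\n",
           import_keys_from_file(path), live_data_object_count(), open_stream_count());
    remove(path);
    return 0;
}
```

The single `cleanup:` label is the point: `stream_data_release()` tolerates a NULL object, so the early-error path and the success path share the same two teardown calls, which is exactly what the one-branch `safe_fclose()` in the quoted mutt code fails to do.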