New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rpm segfaults when importing keys downloaded from keys.openpgp.org #3001
Comments
Right, this is specific to the internal pgp parser. With rpm-sequoia I get:
but easy enough to reproduce with the old parser. This is enough prevents the crash:
It wont import the key, but if main userid is missing in the key then maybe it shouldn't. |
Oh and, thanks @signed-log for reporting! |
Heh, so a more careful reading of the report... the userid is intentionally removed here.
There could be other places that rely on the userid being there besides this. |
Yeah, that's also what I was going to implement. The userid seems to be optional. |
Thanks a lot ! |
Reopening - we want to track this for the next 4.19.x bugfix release. |
Describe the bug
A clear and concise description of what the bug is.
Importing a key with User-ID removed (like those of keys.openpgp.org) causes RPM to segfault
To Reproduce
Steps to reproduce the behavior:
1: Download a Armored and User-ID stripped key from keys.openpgp.org (like the one for Tailscale)
2: Try to import it
Expected behavior
A clear and concise description of what you expected to happen.
Import the key normally
Output
If applicable, add copy of the output on the command line or a screenshots to help explain your problem.
Strace output https://paste.opensuse.org/pastes/07914597fa8b
Environment
openSUSE Tumbleweed 20240325
4.19.1.1
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: