NetBSD Problem Report #49539

From mlelstv@twitty.1st.de  Tue Jan  6 13:37:10 2015
Return-Path: <mlelstv@twitty.1st.de>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id CFC18A654B
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  6 Jan 2015 13:37:09 +0000 (UTC)
Message-Id: <20150106133659.8096A1EF@twitty.1st.de>
Date: Tue,  6 Jan 2015 14:36:59 +0100 (CET)
From: mlelstv@serpens.de
Reply-To: mlelstv@serpens.de
To: gnats-bugs@NetBSD.org
Subject: netpgpkeys segfaults on bad commandline
X-Send-Pr-Version: 3.95

>Number:         49539
>Notify-List:    khorben@NetBSD.org
>Category:       bin
>Synopsis:       netpgpkeys segfaults on bad ocmmandline
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 06 13:40:00 +0000 2015
>Closed-Date:    
>Last-Modified:  Wed Nov 01 13:27:02 +0000 2017
>Originator:     Michael van Elst
>Release:        NetBSD 7.99.2
>Organization:
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."
>Environment:


System: NetBSD twitty 7.99.2 NetBSD 7.99.2 (TWITTY) #22: Tue Dec 16 21:53:35 CET 2014 mlelstv@pussyfoot:/home/netbsd-current/obj.evbarm/home/netbsd-current/src/sys/arch/evbarm/compile/TWITTY evbarm
Architecture: earmv6hf
Machine: evbarm
>Description:

netpgpkeys passes a NULL pointer to its command functions when
a parameter (usually a filename) is missing.

|         if (optind == argc) {
|                 if (!netpgp_cmd(&netpgp, &p, NULL)) {

The command function does not check the passed value and dereferences
the NULL pointer.

>How-To-Repeat:

twitty% netpgpkeys --import-key
/home/mlelstv/.gnupg/pubring.gpg: No such file or directory
Can't read pubring /home/mlelstv/.gnupg/pubring.gpg
Can't read pub keyring
Segmentation fault

>Fix:

Check arguments either when parsing or when evaluating them.

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: khorben@NetBSD.org
State-Changed-When: Sun, 09 Apr 2017 22:56:43 +0000
State-Changed-Why:
I believe I fixed this in
crypto/external/bsd/netpgp/dist/src/lib/keyring.c 1.51.
Can you confirm?


From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, khorben@NetBSD.org
Subject: Re: bin/49539 (netpgpkeys segfaults on bad ocmmandline)
Date: Tue, 11 Apr 2017 00:23:25 +0200

 On Sun, Apr 09, 2017 at 10:56:44PM +0000, khorben@NetBSD.org wrote:

 > I believe I fixed this in
 > crypto/external/bsd/netpgp/dist/src/lib/keyring.c 1.51.
 > Can you confirm?

 Doesn't look like it.

 % netpgpkeys --import-key
 /home/mlelstv/.gnupg/pubring.gpg: No such file or directory
 Can't read pubring /home/mlelstv/.gnupg/pubring.gpg
 Can't read pub keyring
 Segmentation fault

 That's -current with keyring.c 1.55.


 Greetings,
 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

State-Changed-From-To: feedback->open
State-Changed-By: maya@NetBSD.org
State-Changed-When: Wed, 01 Nov 2017 13:27:02 +0000
State-Changed-Why:
Not fixed


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.