Entering an invalid keyserver value with newlines causes a crash or misbehavior
Reported by Luke Le | December 5th, 2014 @ 11:27 PM | in 1.2b3 (closed)
If an invalid value is entered in the keyserver field in GPG Keychain preferences, it's possible that the value causes a crash or misbehavior of the application. In addition, the invalid value is stored as the new keyserver in gpg.conf
Steps to reproduce:
1.) Open preferences in GPG Keychain
2.) Enter the following value for example (or any other value with
a new line)
999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999
3.) See GPG Keychain go crazy due to an invalid gpg.conf
To fix this, configuration settings written to gpg.conf are first sanitized by removing newline (\n) characters, to avoid this issue al together and the keyserver is no longer stored unless the keyserver check reports it actually works.
Comments and changes to this ticket
-
Support December 5th, 2014 @ 11:30 PM
- State changed from “new” to “fixed”
(from [7b004264b8b4d2b7747d5d39d92bd3d32fcb8e04]) [FIX] Only store keyservers that actually work [#299 state:fixed]
- Before storing keyserver entered in preferences is stored, it's verified that it works and only then the updated keyserver is written to gpg.conf
- Prior to this change, the keyserver was stored regardless whether it worked or not, thus antering a keyserver with a new line (\n) character completely broke GPG Keychain. https://github.com/GPGTools/GPGKeychainAccess/commit/7b004264b8b4d2...
-
steve December 15th, 2014 @ 04:46 PM
- State changed from “fixed” to “verified”
- Milestone set to “1.2b3”
-
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Alex (via GPGTools)
Luke Le
steve