Page MenuHome GnuPG
Create Task
Maniphest T2387

GNUPGHOME with newlines breaks standard parsing of gpgconf --list-dirs
Closed, ResolvedPublic
Actions

Description

try:

    GNUPGHOME=$(printf "/tmp/foo\nbar") gpgconf --list-dirs

the result is that someone parsing the output will get "/tmp/foo" and will think
that there is an new gnupg directory named "bar" (with no value).

as field separators, colons are escaped, but i think newlines (as record
separators) should also be escaped.

Related Objects

Event Timeline

dkg added projects: gnupg, Bug Report.Jun 17 2016, 3:06 AM
dkg added a subscriber: dkg.
werner added a subscriber: werner.Jun 17 2016, 8:06 AM

Quite obvious. There are probably a lot of other places which will fail with a
LF in a file name. What do you think of detecting such strange directory names
early and bail out with a fatal error?

dkg added a comment.Jun 18 2016, 12:08 AM

We could bail early if we see something like this.

But since percent-unescaping is supposed to be able to handle arbitrary
characters (and consumers of this data have to percent-unescape anyway), why not
escape the record separator instead of bailing?

werner added a comment.Jun 19 2016, 11:15 PM

I fear that a LF yields other problems as well. However, the percent escaping
woyld make it easier to find.

werner raised the priority of this task from Low to Normal.Jan 6 2017, 5:29 PM
werner added a project: gnupg (gpg22).
justus claimed this task.Mar 1 2017, 5:47 PM
justus added a subscriber: justus.
justus added a comment.Mar 2 2017, 9:35 AM

As of e064c75b08a523f738108428fe0c417a46e66238 newlines are always escaped.

justus closed this task as Resolved.Mar 2 2017, 9:35 AM
swimmerm mentioned this in T5626: 'GPGCONF --list-dirs' command option on-screen displayed results show '%3a' unexpected and unneeded characters in each line displaying a C: drive path instead of simpler expected '...:C:\...' sub-strings with only valid ':' ('colon') characters present.Sep 30 2021, 9:07 PM