Bug #57078 for GnuPG-Interface: User IDs must be properly unescaped to support colon and backslash (and maybe other characters)

> Fri Apr 30 08:24:44 2010: Request 57078 was acted upon. > Transaction: Ticket created by salvatore.bonaccorso@gmail.com > Queue: GnuPG-Interface > Subject: User IDs must be properly unescaped to support colon and backslash (and maybe other characters) > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: salvatore.bonaccorso@gmail.com > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=57078 > > > > Hi > > I'm forwarding this Request from Daniel Kahn Gillmor to you. He is > reporting the issue below to the Debian Bugtracker for the > GnuPG-Interface Module packaged. > > [1] http://bugs.debian.org/579672 > > See his message below, > Thank you for considering > Bests > Salvatore > > ----- Forwarded message from Daniel Kahn Gillmor <dkg@fifthhorseman.net> ----- > > From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> > Resent-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> > Reply-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, > 579672@bugs.debian.org > X-Mailer: reportbug 4.11 > Date: Thu, 29 Apr 2010 14:29:41 -0400 > To: Debian Bug Tracking System <submit@bugs.debian.org> > Subject: Bug#579672: libgnupg-interface-perl: User IDs must be properly > unescaped to support colon and backslash (and maybe other characters) > > Package: libgnupg-interface-perl > Version: 0.42-3 > Severity: normal > Tags: patch > > User IDs with colons and backslashes (at least) are escaped in gpg > output. > > GnuPG::Interface should unescape these strings, so that the invoking > perl program recieves the raw UTF-8 string. The attached patch fixes > the problem. > > For example, E95707CF is an OpenPGP key identifying the https service > running on zimmermann.mayfirst.org (using the monkeysphere). It has a > User ID of "https://zimmermann.mayfirst.org" (it also has another User > ID which is a DNS alias of a common misspelling). The following two > commands show the problem: > > gpg --keyserver pool.sks-keyservers.net --recv E95707CF > > perl -MGnuPG::Interface -e ' > foreach $k (GnuPG::Interface->new()->get_public_keys("0xE95707CF")) { > foreach $u ($k->user_ids) { > printf "%s\n", $u->as_string(); > }}' > > Without unescaping, the output of the second command reads: > > https\x3a//zimmermann.mayfirst.org > https\x3a//zimmerman.mayfirst.org > > but it should read: > > https://zimmermann.mayfirst.org > https://zimmerman.mayfirst.org > > The attached patch handles the unescaping cleanly. > > Thanks, > > --dkg > > -- System Information: > Debian Release: squeeze/sid > APT prefers testing > APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') > Architecture: i386 (i686) > > Kernel: Linux 2.6.32-4-686 (SMP w/1 CPU core) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages libgnupg-interface-perl depends on: > ii gnupg 1.4.10-2 GNU privacy guard - a free PGP rep > ii gnupg2 2.0.14-1 GNU privacy guard - a free PGP rep > ii libany-moose-perl 0.12-1 module to use either Moose or Mous > ii perl 5.10.1-12 Larry Wall's Practical Extraction > > libgnupg-interface-perl recommends no packages. > > libgnupg-interface-perl suggests no packages. > > -- no debconf information > > --- a/lib/GnuPG/Interface.pm > +++ b/lib/GnuPG/Interface.pm > @@ -335,6 +335,11 @@ > } > > > +sub unescape_string { > + my($str) = splice(@_); > + $str =~ s/\\x(..)/chr(hex($1))/eg; > + return $str; > +} > > ################################################################### > > @@ -451,7 +456,7 @@ > > $current_signed_item = GnuPG::UserId->new( > validity => $user_id_validity, > - as_string => $user_id_string, > + as_string => unescape_string($user_id_string), > ); > > $current_key->push_user_ids($current_signed_item); > @@ -472,7 +477,7 @@ > algo_num => $algo_num, > hex_id => $hex_key_id, > date_string => $signature_date_string, > - user_id_string => $user_id_string, > + user_id_string => unescape_string($user_id_string), > ); > > if ( $current_signed_item->isa('GnuPG::UserId') ) { > @@ -490,7 +495,7 @@ > > $current_signed_item = GnuPG::UserId->new( > validity => $validity, > - as_string => $user_id_string, > + as_string => unescape_string($user_id_string), > ); > > $current_key->push_user_ids($current_signed_item); > > _______________________________________________ > pkg-perl-maintainers mailing list > pkg-perl-maintainers@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-perl-maintainers > > ----- End forwarded message ----- >

> --- a/lib/GnuPG/Interface.pm > +++ b/lib/GnuPG/Interface.pm > @@ -335,6 +335,11 @@ > } > > > +sub unescape_string { > + my($str) = splice(@_); > + $str =~ s/\\x(..)/chr(hex($1))/eg; > + return $str; > +} > > ################################################################### > > @@ -451,7 +456,7 @@ > > $current_signed_item = GnuPG::UserId->new( > validity => $user_id_validity, > - as_string => $user_id_string, > + as_string => unescape_string($user_id_string), > ); > > $current_key->push_user_ids($current_signed_item); > @@ -472,7 +477,7 @@ > algo_num => $algo_num, > hex_id => $hex_key_id, > date_string => $signature_date_string, > - user_id_string => $user_id_string, > + user_id_string => unescape_string($user_id_string), > ); > > if ( $current_signed_item->isa('GnuPG::UserId') ) { > @@ -490,7 +495,7 @@ > > $current_signed_item = GnuPG::UserId->new( > validity => $validity, > - as_string => $user_id_string, > + as_string => unescape_string($user_id_string), > ); > > $current_key->push_user_ids($current_signed_item);