View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001317 | Main CAcert Website | GPG/PGP | public | 2014-10-29 00:02 | 2021-08-26 11:41 |
Reporter | janmaco | Assigned To | Eva | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | needs review | Resolution | open | ||
Product Version | 2014 Q3 | ||||
Target Version | 2015 Q1 | ||||
Summary | 0001317: Weak email sanity check when adding a new PGP key | ||||
Description | I tried to sign a PGP key with an email address containing a + (like test+a@example.tld). Using such an e-mail results in an error (No valid uid). | ||||
Steps To Reproduce | Create a PGP key with an email address containing a '+' -> paste it to the "Add PGP key" form | ||||
Additional Information | A cause may be located in incomplete regexes; www/gpg.php:381 `if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) { //echo "Found: ".$match[1]; $mail = trim(gpg_hex2bin($match[1])); }` | ||||
Tags | No tags attached. | ||||
Reviewed by | BenBE | ||||
Test Instructions | Try to sign a mail address with a plus sign in it. | ||||
|
I have a patch for this bug here: https://github.com/yellowant/cacert-devel/commit/1439176e62ab63d6ab522b07ca18213e56c24bf4 |
|
I created a PGP key for the address 1317+asterix@acme.com and added it to the account. The key was signed -> ok. The key contained the signature -> ok. The key contained the correct name and email address -> ok. The key was displayed correctly in the "view" overview for PGP keys -> ok. => ok (I did not test other special characters as only "+" seems to be added) |
|
I got a PGP key signed with an email address containing a "+". Keys with an incorrect email address still get rejected. => PASSED |
|
As there are two successful tests, please do your review(s) |
|
The patch proposed by 0001317:0005237 is NOT performed (on the testserver only?) |
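
The regex behaviour reported in this issue, as an added example (not CAcert's code and not the linked patch): it runs the pattern quoted from www/gpg.php against constructed UID strings, beside a hypothetical pattern that also admits `+` in the local part, so the accepted and rejected addresses can be compared. The function name, the second pattern and all sample UIDs are assumptions made for illustration.

```php
<?php
// Added example; not taken from the CAcert code base.

// Pattern quoted in the issue report (www/gpg.php:381).
const REPORTED_PATTERN = '/<([\w.-]*\@[\w.-]*)>/';

// Hypothetical alternative (an assumption, not the linked patch):
// '+' is allowed in the local part only, and both parts must be non-empty.
const WIDENED_PATTERN = '/<([\w.+-]+\@[\w.-]+)>/';

/**
 * Return the address found between '<' and '>' in a UID string,
 * or null when the pattern does not accept it.
 * (Hypothetical helper, named for this example only.)
 */
function extract_uid_email(string $pattern, string $uid): ?string
{
    return preg_match($pattern, $uid, $m) === 1 ? trim($m[1]) : null;
}

// Constructed sample UIDs, covering the reported case and some rejects.
$uids = [
    'Test User <test@example.tld>',    // plain address
    'Test User <test+a@example.tld>',  // the case from the report
    'Test User <test a@example.tld>',  // space in the local part
    'Test User <test@exam+ple.tld>',   // '+' in the domain part
    'Test User <test#a@example.tld>',  // character outside both classes
    'Test User <@>',                   // empty local part and domain
    'Test User test+a@example.tld',    // no angle brackets at all
];

foreach ($uids as $uid) {
    printf(
        "%-34s reported=%-22s widened=%s\n",
        $uid,
        var_export(extract_uid_email(REPORTED_PATTERN, $uid), true),
        var_export(extract_uid_email(WIDENED_PATTERN, $uid), true)
    );
}
```

Because the quoted pattern uses `*` on both sides of the `@`, it also matches `<@>`; whether later code rejects such a value is not visible on this page.
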
Date Modified | Username | Field | Change |
---|---|---|---|
2014-10-29 00:02 | janmaco | New Issue | |
2014-10-29 00:06 | janmaco | Steps to Reproduce Updated | |
2014-10-29 00:07 | janmaco | Steps to Reproduce Updated | |
2015-01-14 10:59 | janmaco | Note Added: 0005237 | |
2015-01-14 11:17 | janmaco | Note Edited: 0005237 | |
2015-01-20 23:29 | janmaco | Assigned To | => janmaco |
2015-01-20 23:29 | janmaco | Status | new => fix available |
2015-01-20 23:32 | BenBE | Assigned To | janmaco => egal |
2015-01-20 23:32 | BenBE | Status | fix available => needs review & testing |
2015-01-20 23:33 | BenBE | Reviewed by | => BenBE |
2015-01-20 23:33 | BenBE | Test Instructions | => Try to sign a mail address with a plus sign in it. |
2015-01-20 23:33 | BenBE | Target Version | => 2015 Q1 |
2015-02-03 21:25 | Eva | Note Added: 0005305 | |
2015-03-03 21:09 | felixd | Note Added: 0005342 | |
2015-03-03 21:14 | Eva | Note Added: 0005345 | |
2015-03-03 21:14 | Eva | Status | needs review & testing => needs review |
2015-10-20 20:14 | BenBE | Assigned To | egal => Eva |
2021-08-26 11:41 | alkas | Note Added: 0006080 |