openpgp: Handle non-utf8 UIDs gracefully

Signed-off-by: Michał Górny <mgorny@gentoo.org>
author: Michał Górny <mgorny@gentoo.org> 2020-09-08 12:12:47 +0200
committer: Michał Górny <mgorny@gentoo.org> 2020-09-08 12:12:47 +0200
commit: 45dd26f9e06aae4308afa52136f931e64f456724 (patch)
tree: 8489df2810a5808f9c31939b6d9a425276a44877
parent: c8300a0e55a58d3eebbaa11101d0e26f6aa63d40 (diff)
download: gemato-45dd26f9e06aae4308afa52136f931e64f456724.tar.gz
3 files changed, 24 insertions, 1 deletions
diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index fceec40..c05c476 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -371,7 +371,8 @@ debug-level guru
                     raise OpenPGPKeyListingError(
                         f'UID without key in GPG output: {line}')
                 uid = line.split(b':')[9]
-                name, addr = email.utils.parseaddr(uid.decode('utf8'))
+                _, addr = email.utils.parseaddr(
+                    uid.decode('utf8', errors='replace'))
                 if '@' in addr:
                     logging.debug(f'list_keys(): UID: {addr}')
                     ret[fpr].append(addr)
diff --git a/tests/keydata.py b/tests/keydata.py
index e6f3c3d..2f51af5 100644
--- a/tests/keydata.py
+++ b/tests/keydata.py
@@ -50,6 +50,11 @@ UID_NOEMAIL = base64.b64decode(b'''
 tA9nZW1hdG8gdGVzdCBrZXk=
 ''')
 
+UID_NONUTF = base64.b64decode(b'''
+tCRnZW1hdPYgdGVzdCBrZXkgPGdlbWF0b0BleGFtcGxlLmNvbT4=
+''')
+
+
 PUBLIC_KEY_SIG = base64.b64decode(b'''
 iQFOBBMBCAA4FiEEgeEsFr2NzWC+GAhFE2iA5yp7E4QFAltY2CkCGwMFCwkIBwIGFQoJCAsC
 BBYCAwECHgECF4AACgkQE2iA5yp7E4Tgvwf+LO6xyMFvlS8rs0GhpbqeOsj39555QNEviRIL
@@ -83,6 +88,16 @@ gwsGpRw/Q7ledKBXL1AmTU5nURqVloHRPuCFiiRdiy4Dm4NIEKP4opHE7znOJaVDe6b6UON3
 +imPYwGO1/CEaM/0lg==
 ''')
 
+PUBLIC_KEY_NONUTF_SIG = base64.b64decode(b'''
+iQFOBBMBCAA4FiEEgeEsFr2NzWC+GAhFE2iA5yp7E4QFAl9XV4kCGwMFCwkIBwIGFQoJCAsC
+BBYCAwECHgECF4AACgkQE2iA5yp7E4RdPQf+OGYJs1OkfOUgWfNB71Td9csHnVtCrD4m8Ya8
+x4muq+1X1M/PTM36Vu+3Ov8MSyjldB0sA7+NZbkISvxyk4UBnO9O4yHgb7+isLz+e0N27QlY
+CnE7WQIQZVlMRXUUHcMiatvlwDhJplX3qmPRprvn7y2lnlti5MMy3+de2NbpLIzE5kBTvhXy
+EwWMXWXGfomFQ0IFLFdOsWnd07LsjsjltqE2E0cy22sYQvLpUQ6dFfwkwu3MeMVmvVrc9etg
+gBfCkHxuGTR4boCNUQpcimslbsHuWwvPM9wfQkMmil08RxoxoYPLGfCe2EY8TgPRvaN3SwZ+
+NS7xQ30QJEDehq7U6w==
+''')
+
 EXPIRED_KEY_SIG = base64.b64decode(b'''
 iQFUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEgeEsFr2NzWC+GAhFE2iA
 5yp7E4QFAl9HeI4FCQVXJ48ACgkQE2iA5yp7E4QshQf/QsPfHYBth3BMx7MGKHmrqegTze6y
diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py
index 614127b..3eacc32 100644
--- a/tests/test_openpgp.py
+++ b/tests/test_openpgp.py
@@ -38,6 +38,7 @@ from gemato.recursiveloader import ManifestRecursiveLoader
 from tests.keydata import (
     PUBLIC_KEY, SECRET_KEY, PUBLIC_SUBKEY, UID,
     UID_NOEMAIL, PUBLIC_KEY_NOEMAIL_SIG,
+    UID_NONUTF, PUBLIC_KEY_NONUTF_SIG,
     PUBLIC_KEY_SIG, PUBLIC_SUBKEY_SIG, EXPIRED_KEY_SIG, REVOCATION_SIG,
     OTHER_PUBLIC_KEY, OTHER_PUBLIC_KEY_UID, OTHER_PUBLIC_KEY_SIG,
     UNEXPIRE_SIG,
@@ -189,6 +190,7 @@ OTHER_VALID_PUBLIC_KEY = (OTHER_PUBLIC_KEY + OTHER_PUBLIC_KEY_UID +
 OTHER_KEY_FINGERPRINT = '4B8349B90C56EE7F054D52871822F5424EB6DA81'
 
 VALID_KEY_NOEMAIL = PUBLIC_KEY + UID_NOEMAIL + PUBLIC_KEY_NOEMAIL_SIG
+VALID_KEY_NONUTF = PUBLIC_KEY + UID_NONUTF + PUBLIC_KEY_NONUTF_SIG
 
 VALID_KEY_SUBKEY = (PUBLIC_KEY + UID + PUBLIC_KEY_SIG + PUBLIC_SUBKEY +
                     PUBLIC_SUBKEY_SIG)
@@ -382,6 +384,7 @@ MANIFEST_VARIANTS = [
     # == good manifests ==
     ('SIGNED_MANIFEST', 'VALID_PUBLIC_KEY', None),
     ('SIGNED_MANIFEST', 'VALID_KEY_NOEMAIL', None),
+    ('SIGNED_MANIFEST', 'VALID_KEY_NONUTF', None),
     ('SIGNED_MANIFEST', 'COMBINED_PUBLIC_KEYS', None),
     ('DASH_ESCAPED_SIGNED_MANIFEST', 'VALID_PUBLIC_KEY', None),
     ('SUBKEY_SIGNED_MANIFEST', 'VALID_KEY_SUBKEY', None),
@@ -584,6 +587,7 @@ EMPTY_DATA = b''
     'key_var,success',
     [('VALID_PUBLIC_KEY', True),
      ('VALID_KEY_NOEMAIL', True),
+     ('VALID_KEY_NONUTF', True),
      ('MALFORMED_PUBLIC_KEY', False),
      ('EMPTY_DATA', False),
      ('FORGED_PUBLIC_KEY', False),
@@ -720,6 +724,7 @@ def test_recursive_manifest_loader_save_submanifest(tmp_path, privkey_env):
       {OTHER_KEY_FINGERPRINT: ['gemato@example.com']}),
      ('VALID_KEY_SUBKEY', {KEY_FINGERPRINT: ['gemato@example.com']}),
      ('VALID_KEY_NOEMAIL', {KEY_FINGERPRINT: []}),
+     ('VALID_KEY_NONUTF', {KEY_FINGERPRINT: ['gemato@example.com']}),
      ])
 def test_list_keys(openpgp_env_with_refresh, key_var, expected):
     try:
@@ -749,6 +754,8 @@ REFRESH_VARIANTS = [
     # manifest, key, server key fpr, server key, expected exception
     ('SIGNED_MANIFEST', 'VALID_PUBLIC_KEY', KEY_FINGERPRINT,
      'VALID_PUBLIC_KEY', None),
+    ('SIGNED_MANIFEST', 'VALID_KEY_NONUTF', KEY_FINGERPRINT,
+     'VALID_PUBLIC_KEY', None),
     ('SIGNED_MANIFEST', 'VALID_PUBLIC_KEY', KEY_FINGERPRINT,
      'REVOKED_PUBLIC_KEY', OpenPGPRevokedKeyFailure),
     # test fetching subkey for primary key
author	Michał Górny <mgorny@gentoo.org>	2020-09-08 12:12:47 +0200
committer	Michał Górny <mgorny@gentoo.org>	2020-09-08 12:12:47 +0200
commit	45dd26f9e06aae4308afa52136f931e64f456724 (patch)
tree	8489df2810a5808f9c31939b6d9a425276a44877
parent	c8300a0e55a58d3eebbaa11101d0e26f6aa63d40 (diff)
download	gemato-45dd26f9e06aae4308afa52136f931e64f456724.tar.gz