[Bug 147395] New: Kmail hang/crash when verifying S/MIME signature

Matt Blissett matt at blissett.me.uk
Sat Jun 30 13:39:40 BST 2007 

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=147395         
           Summary: Kmail hang/crash when verifying S/MIME signature
           Product: kmail
           Version: 1.9.5
          Platform: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: crash
          Priority: NOR
         Component: general
        AssignedTo: kdepim-bugs kde org
        ReportedBy: matt blissett me uk


Version:           1.9.5 (using KDE 3.5.7, Debian Package 4:3.5.7.dfsg.1-1 (lenny/sid))
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.18-4-686

KMail hangs (doesn't repaint, but doesn't use any CPU according to 'top') when a particular S/MIME signed message is selected.

Here's the console output (when run with --nofork)

kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "move_message_to_folder"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "copy_message_to_folder"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "jump_to_folder"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "remove_duplicate_messages"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "cancel"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "inc_current_folder"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "dec_current_folder"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "select_current_folder"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "inc_current_message"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "dec_current_message"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "select_current_message"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "delete"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "edit"
kdecore (KAction): WARNING: KAction::plugAccel(): call to deprecated action.
kdecore (KAction): WARNING: KAction::plugAccel( kacc = 0xb320af90 ): KAccel object already contains an action name "display_message"
dirmngr[7990]: error opening `/home/matt/.gnupg/dirmngr_ldapservers.conf': No such file or directory
gpgconf: warning: can not open list file /home/matt/.gnupg/dirmngr_ldapservers.conf: No such file or directory
gpg-agent[7993]: secmem usage: 0/32768 bytes in 0 blocks
secmem usage: 0/16384 bytes in 0 blocks


Here's the log from KWatchGnuPG (Tools -> GnuPG Log Viewer):

[2007-06-30T13:16:17] Log started
[client at fd 4 connected]
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> # Home: ~/.gnupg
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> # Config: /home/matt/.gnupg/gpgsm.conf
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> # AgentInfo: /tmp/gpg-UWJkti/S.gpg-agent:3223:1
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> # DirmngrInfo: [not set]
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> OK GNU Privacy Guard's S/M server 2.0.4 ready
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: <- OPTION display=:0.0
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> OK
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: <- OPTION lc-ctype=en_GB.UTF-8
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> OK
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: <- OPTION lc-messages=en_GB.UTF-8
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> OK
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: <- INPUT FD=24
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> OK
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: <- MESSAGE FD=30
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> OK
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: <- VERIFY
  4 - 2007-06-30 13:16:36 gpgsm[8005]: detached signature
  4 - 2007-06-30 13:16:36 gpgsm[8005.0] DBG: -> S NEWSIG
  4 - 2007-06-30 13:16:36 gpgsm[8005]: Signature made 2007-06-19 07:45:22 using certificate ID C26FDC77
  4 - 2007-06-30 13:16:36 gpgsm[8005]: no running dirmngr - starting `/usr/bin/dirmngr'
[client at fd 5 connected]
  5 - 2007-06-30 13:16:36 dirmngr[8006]: permanently loaded certificates: 0
  5 - 2007-06-30 13:16:36 dirmngr[8006]:     runtime cached certificates: 0
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: -> # Home: ~/.gnupg
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: -> # Config: /home/matt/.gnupg/dirmngr.conf
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: -> OK Dirmngr 1.0.0 at your service
  4 - 2007-06-30 13:16:36 gpgsm[8005]: DBG: connection to dirmngr established
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: <- ISVALID 4A4F50C70A26BBFBDF9A43F679F3A91DF381B43C.1FDF4ED9000400001F64
  5 - 2007-06-30 13:16:36 dirmngr[8006]: no CRL available for issuer id 4A4F50C70A26BBFBDF9A43F679F3A91DF381B43C
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: -> INQUIRE SENDCERT
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: <- [ 44 20 30 82 06 8e 30 82 06 38 a0 03 ...(986 bytes skipped) ]
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: <- [ 44 20 6e 66 69 67 75 72 61 74 69 6f ...(788 bytes skipped) ]
  5 - 2007-06-30 13:16:36 dirmngr[8006.0] DBG: <- END
  5 - 2007-06-30 13:16:36 dirmngr[8006]: ldap wrapper 8007 started
  5 - 2007-06-30 13:16:36 dirmngr[8006]: crl_fetch via DP failed: No data
[client at fd 7 connected]
  7 - 2007-06-30 13:17:52 dirmngr[7951]: error retrieving `http://icca1.ic.ac.uk/CertEnroll/Imperial%20College%20London%20CA%201.crl': Connection timed out
  7 - 2007-06-30 13:17:52 dirmngr[7951]: crl_fetch via DP failed: Connection timed out
  7 - 2007-06-30 13:17:52 dirmngr[7951]: command ISVALID failed: Connection timed out
  7 - 2007-06-30 13:17:52 dirmngr[7951.0] DBG: -> ERR 167805060 Connection timed out <Dirmngr>
  7 - 2007-06-30 13:17:52 dirmngr[7951]: ldap wrapper 7952 ready: exit status 1
[client at fd 9 connected]
  7 - 2007-06-30 13:17:52 dirmngr[7951.0] DBG: <- [EOF]
  9 - 2007-06-30 13:17:52 gpgsm[7950]: checking the CRL failed: Connection timed out
  9 - 2007-06-30 13:17:52 gpgsm[7950.0] DBG: -> S GOODSIG 52D8F03991F4DBF5F21E1437848BF6DBC26FDC77 /CN=XXXXX/OU=ch/OU=Users/OU=Imperial College (London)/EMail=XXXXXXXXXX imperial ac uk/DC=ic/DC=ac/DC=uk
[client at fd 7 disconnected]
  9 - 2007-06-30 13:17:52 gpgsm[7950.0] DBG: -> S VALIDSIG 52D8F03991F4DBF5F21E1437848BF6DBC26FDC77 2007-06-19 20070619T074522 20071020T095145
  9 - 2007-06-30 13:17:52 gpgsm[7950]: invalid certification chain: Connection timed out
  9 - 2007-06-30 13:17:52 gpgsm[7950.0] DBG: -> S TRUST_UNDEFINED 32900
  9 - 2007-06-30 13:17:52 gpgsm[7950.0] DBG: -> OK
  9 - 2007-06-30 13:17:52 gpgsm[7950]: Assuan processing failed: IPC write error
[client at fd 9 disconnected]
  5 - 2007-06-30 13:19:45 dirmngr[8006]: can't connect to `icca1.ic.ac.uk': Connection timed out
  5 - 2007-06-30 13:19:45 dirmngr[8006]: error retrieving `http://icca1.ic.ac.uk/CertEnroll/Imperial%20College%20London%20CA%201.crl': Connection timed out
  5 - 2007-06-30 13:19:45 dirmngr[8006]: crl_fetch via DP failed: Connection timed out
  5 - 2007-06-30 13:19:45 dirmngr[8006]: command ISVALID failed: Connection timed out
  5 - 2007-06-30 13:19:45 dirmngr[8006.0] DBG: -> ERR 167805060 Connection timed out <Dirmngr>
  5 - 2007-06-30 13:19:45 dirmngr[8006]: ldap wrapper 8007 ready: exit status 1
  4 - 2007-06-30 13:19:45 gpgsm[8005]: certificate #1FDF4ED9000400001F64/CN=Imperial College London CA 1,O=Imperial College London,L=London,ST=London,C=UK,1.2.840.113549.1.9.1=#69742D73656375726974792D6F66666963657240696D70657269616C2E61632E756B
  4 - 2007-06-30 13:19:45 gpgsm[8005]: checking the CRL failed: Connection timed out
  4 - 2007-06-30 13:19:45 gpgsm[8005.0] DBG: -> S GOODSIG 52D8F03991F4DBF5F21E1437848BF6DBC26FDC77 /CN=ajpc05/OU=ch/OU=Users/OU=Imperial College (London)/EMail=XXXXXXXXXX imperial ac uk/DC=ic/DC=ac/DC=uk
  4 - 2007-06-30 13:19:45 gpgsm[8005.0] DBG: -> S VALIDSIG 52D8F03991F4DBF5F21E1437848BF6DBC26FDC77 2007-06-19 20070619T074522 20071020T095145
  4 - 2007-06-30 13:19:45 gpgsm[8005]: invalid certification chain: Connection timed out
  4 - 2007-06-30 13:19:45 gpgsm[8005.0] DBG: -> S TRUST_UNDEFINED 32900
  4 - 2007-06-30 13:19:45 gpgsm[8005.0] DBG: -> OK
  4 - 2007-06-30 13:19:45 gpgsm[8005]: Assuan processing failed: IPC write error
[client at fd 4 disconnected]
  5 - 2007-06-30 13:19:45 dirmngr[8006.0] DBG: <- [EOF]
[client at fd 5 disconnected]


The problem might be because the URL http://icca1.ic.ac.uk/CertEnroll/Imperial%20College%20London%20CA%201.crl cannot be retrieved from outside that university (firewall rules, presumably). I have SSH access to machines the other side of the firewall and have downloaded the certificate and copied it to my machine, how do I import it to check?

gpgsm --import Imperial\ College\ London\ CA\ 1.crl
gpgsm: unknown hash algorithm `?'
gpgsm: certificate has a BAD signature: General error
gpgsm: basic certificate checks failed - not imported
gpgsm: total number processed: 1
gpgsm:           not imported: 1
secmem usage: 0/16384 bytes in 0 blocks


I can email the message if required, but if I change it (e.g. remove the sender's email address for his privacy) the signature fails and KMail doesn't hang -- it doesn't try to verify the certificate -- so you can't reproduce the crash this way.

More information about the Kdepim-bugs mailing list