From 3ccad75d76b9c17b9495c48df8dd4be46d3b3105 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 15 Jan 2020 11:51:52 +0100
Subject: gpg: Print better debug info in case of broken sig subpackets.

* g10/parse-packet.c (enum_sig_subpkt): Print a hexdump.
--

A test key for this is 02DF08F5FD356BF27F5F7B838921B5DCCD15A883 .
A key listing in verbose mode will now yield

  gpg: DBG: buffer shorter than subpacket (10/9/25);\
       dump: 19100d87e54973647cff

The error here is that the packet length is 0x19 but what follows is a
long keyid (subpacket 16) which is shorter.  The debug output might be
helpful to better analyze broken signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/parse-packet.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'g10/parse-packet.c')

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 2f92c1d2c..7c330ee43 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1886,7 +1886,10 @@ enum_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
 
  too_short:
   if (opt.verbose && !glo_ctrl.silence_parse_warnings)
-    log_info ("buffer shorter than subpacket\n");
+    log_printhex (pktbuf->data, pktbuf->len > 16? 16 : pktbuf->len,
+                  "buffer shorter than subpacket (%zu/%d/%zu); dump:",
+                  pktbuf->len, buflen, n);
+
   if (start)
     *start = -1;
   return NULL;
-- 
cgit v1.2.3