Always pass utf8 encoded strings to python-gnupg

self.encoding which we set in the init is only intended to decode gpg´s stderr which uses a system specific encoding. if we dont encode the data we pass to python-gnupg ourself, it will fallback and use self.encoding. This might be of no concern if self.encoding is set to 'utf8' and when we are on Linux which has a preferred encoding of 'utf8'. But if we are on Windows the preferred encoding for stderr is most of the time not 'utf8'. If python-gnupg tries to decode a stderr stream that is for example encoded with 'cp1252' with our set encoding of 'utf8' this will fail. The solution is to pre-encode the data before we pass it to python-gnupg, so it does not have to use self.encoding as a fallback. And set self.encoding='latin1' because latin1 will not yield exceptions on decoding errors. Also gpg itself will fallback to latin1 as stderr encoding when it cant determine the preferred encoding of a system. self.decode_errors is used for something differently, and has no influence on the situation. Fixes #8644
2017-06-08 19:33:01 +02:00 · 2017-06-08 19:33:01 +02:00 · 1bf66b857a
commit 1bf66b857a
parent 2872993b0c
1 changed files with 4 additions and 4 deletions
--- a/src/common/gpg.py
+++ b/src/common/gpg.py
@ -59,7 +59,7 @@ if HAVE_GPG:
                            return '', 'NOT_TRUSTED ' + key['keyid'][-8:]
                        else:
                            trust = True
-            result = super(GnuPG, self).encrypt(str_, recipients,
+            result = super(GnuPG, self).encrypt(str_.encode('utf8'), recipients,
                always_trust=trust, passphrase=self.passphrase)

            if result.ok:
@ -71,13 +71,13 @@ if HAVE_GPG:

        def decrypt(self, str_, keyID):
            data = self._addHeaderFooter(str_, 'MESSAGE')
-            result = super(GnuPG, self).decrypt(data,
+            result = super(GnuPG, self).decrypt(data.encode('utf8'),
                passphrase=self.passphrase)

            return str(result)

        def sign(self, str_, keyID):
-            result = super(GnuPG, self).sign(str_, keyid=keyID, detach=True,
+            result = super(GnuPG, self).sign(str_.encode('utf8'), keyid=keyID, detach=True,
                passphrase=self.passphrase)

            if result.fingerprint:
@ -100,7 +100,7 @@ if HAVE_GPG:
                     str_,
                     self._addHeaderFooter(sign, 'SIGNATURE')]
                    )
-                result = super(GnuPG, self).verify(data)
+                result = super(GnuPG, self).verify(data.encode('utf8'))
                if result.valid:
                    return result.key_id