Server generates bogus response toward query of short domain names

[ygrek]

Original report by Houzuo Guo (Bitbucket: howardguo, GitHub: howardguo).

---

Good day.

When user issues a query string of a short domain name (e.g. "goo.gl") or an Email address that belongs to the short domain name (e.g. "i@t.co") and chooses "get verbose index of matching keys", SKS server takes many seconds to process the request and eventually comes back with an incomplete HTML page filled with what seems like corrupted memory data. This is occurring on many of the popular SKS servers such as http://keyserver.ubuntu.com and https://pgp.mit.edu.

Example request and response:

==========================

curl -v 'https://keyserver.opensuse.org/pks/lookup?search=i%40t.co&hash=on&op=vindex'
*   Trying 195.135.221.140...
* TCP_NODELAY set
* Connected to keyserver.opensuse.org (195.135.221.140) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=opensuse.org
*  start date: Jun 18 23:01:27 2018 GMT
*  expire date: Sep 16 23:01:27 2018 GMT
*  subjectAltName: host "keyserver.opensuse.org" matched cert's "*.opensuse.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /pks/lookup?search=i%40t.co&hash=on&op=vindex HTTP/1.1
> Host: keyserver.opensuse.org
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 02 Sep 2018 17:13:20 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: [60640501 (bb)](https://bitbucket.org/skskeyserver/sks-keyserver/commits/60640501)
< Server: sks_www/1.1.6
< Cache-Control: max-age=31536000
< Pragma: no-cache
< Expires: Mon, 02 Sep 2019 17:13:20 GMT
< X-HKP-Results-Count: 39
< Access-Control-Allow-Origin: *
< Via: 1.1 keyserver1.opensuse.org:11371
< Strict-Transport-Security: max-age=15768000
<
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Search results for 't i co'</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<style type="text/css">
/*<![CDATA[*/
 .uid { color: green; text-decoration: underline; }
 .warn { color: red; font-weight: bold; }
/*]]>*/
</style></head><body><h1>Search results for 't i co'</h1><pre>Type bits/keyID     cr. time   exp time   key expir
</pre><hr /><pre><strong>pub</strong>  2048R/<a href="/pks/lookup?op=get&amp;search=0xE41ED3A107A7DBC7">07A7DBC7</a> 2018-06-14
         Hash=<a href=/pks/lookup?op=hget&amp;search=D0C4380CC579BF739C78555808B7C65C>D0C4380CC579BF739C78555808B7C65C</a>

<strong>uid</strong> <span class="uid">Yegor Timoshenko</span>
sig  sig3  <a href="/pks/lookup?op=get&amp;hash=on&amp;search=0xE41ED3A107A7DBC7">07A7DBC7</a> 2018-06-14 __________ 2020-06-13 <a href="/pks/lookup?op=vindex&amp;hash=on&amp;search=0xE41ED3A107A7DBC7">[selfsig]</a>

<strong>uid</strong> <span class="uid">Yegor Timoshenko 2</span>
sig  sig3  <a href="/pks/lookup?op=get&amp;hash=on&amp;search=0xE41ED3A107A7DBC7">07A7DBC7</a> 2018-06-14 __________ 2020-06-13 <a href="/pks/lookup?op=vindex&amp;hash=on&amp;search=0xE41ED3A107A7DBC7">[selfsig]</a>

<strong>uid</strong> <span class="uid"> m0{kh
Q6P&#x27;\:�&gt;r
_:t}*;z h_�*4�tfN�
�D̾#

IFl;j&lt;V�|[oD(��7(cxMh
�
ө�݃&#x27;&lt;iNϏ
g�@}vCi5}ʀ^
u;
ix
+)ڷV:b7qAa&#x27;?PDj
gzȘ!WM&quot;v

43&#x27; (w#�
EN��ܣlkC(6}��#!
�@l-&#x27;Svr9(
_P&quot; �
۸�
G�`�\Aj�!J2�7E�0{Ŵ�ZF坽֗�J7ۃX�
8�6 ˊWo�es�g&lt;{u9_1v9J)f
\d~^)sȇ�$ȡ�Y&#x2F;R-X;ĉ#�`Wq�׃ɞ) &lt;�q$�
Q�xHu(8�e V?LjFGJ��&amp;�yS�P=uxnv&amp;4VcP9Z&#x2F;]Ț;[Yo8$]q�p 7�m|3W!aO-WVr~&lt; *
8oi &#x2F;&amp;�����MKsE3O �d�K0p?SҚ&quot;VD�&amp;暾Sg%&gt;饍c&gt;</span>
sig  sig3  <a href="/pks/lookup?op=get&amp;hash=on&amp;search=0xE41ED3A107A7DBC7">07A7DBC7</a> 2018-06-14 __________ 2020-06-13 <a href="/pks/lookup?op=vindex&amp;hash=on&amp;search=0xE41ED3A107A7DBC7">[selfsig]</a>

* Failed writing body (466 != 2859)
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (23) Failed writing body (466 != 2859)

[ygrek]

Original comment by Yegor Timoshenko (Bitbucket: yegortimoshenko, GitHub: yegortimoshenko).

---

This is an unintended fallout from #60.