security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

gpg: Move the check by is_secured_file earlier. 

* g10/decrypt.c (decrypt_message_fd): Call is_secured_file here.
* g10/plaintext.c (get_output_file): Remove the call.

--

Fixes-commit: 71625f56fd
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-07-11 13:49:41 +09:00
parent 16d135c396
commit 067bc2ed4c
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
g10/decrypt.c
View File

@ -139,6 +139,18 @@ decrypt_message_fd (ctrl_t ctrl, gnupg_fd_t input_fd,
return err;
}
if (is_secured_file (output_fd))
{
char xname[64];
err = gpg_error (GPG_ERR_EPERM);
snprintf (xname, sizeof xname, "[fd %d]", (int)(intptr_t)output_fd);
log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (err));
iobuf_close (fp);
release_progress_context (pfx);
return err;
}
opt.outfp = open_stream_nc (output_fd, "w");
if (!opt.outfp)
{

8
g10/plaintext.c
View File

@ -145,13 +145,7 @@ get_output_file (const byte *embedded_name, int embedded_namelen,
}
}
if (opt.outfp && is_secured_file (es_fileno (opt.outfp)))
{
err = gpg_error (GPG_ERR_EPERM);
log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
else if (fp || nooutput)
if (fp || nooutput)
;
else if (is_secured_filename (fname))
{