security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

agent: KEYATTR only allows access to attribute.

Browse Source 
* agent/command.c (cmd_keyattr): Check the ATTRNAME.

--

GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2022-06-23 09:57:26 +09:00
parent 2c47c66627
commit 26d5a6e862
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
agent/command.c
View File

@ -1229,6 +1229,14 @@ cmd_keyattr (assuan_context_t ctx, char *line)
goto leave;
}
if (!strcmp (argv[1], "Key:") /* It allows only access to attribute */
/* Make sure ATTRNAME ends with colon. */
|| argv[1][strlen (argv[1]) - 1] != ':')
{
err = gpg_error (GPG_ERR_INV_PARAMETER);
goto leave;
}
err = parse_keygrip (ctx, argv[0], grip);
if (err)
goto leave;