agent: KEYATTR only allows access to attribute.

* agent/command.c (cmd_keyattr): Check the ATTRNAME. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-23 09:57:26 +09:00 · 2022-06-23 09:57:26 +09:00 · 26d5a6e862
parent 2c47c66627
commit 26d5a6e862
1 changed files with 8 additions and 0 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -1229,6 +1229,14 @@ cmd_keyattr (assuan_context_t ctx, char *line)
      goto leave;
    }

+  if (!strcmp (argv[1], "Key:") /* It allows only access to attribute */
+      /* Make sure ATTRNAME ends with colon.  */
+      || argv[1][strlen (argv[1]) - 1] != ':')
+    {
+      err = gpg_error (GPG_ERR_INV_PARAMETER);
+      goto leave;
+    }
+
  err = parse_keygrip (ctx, argv[0], grip);
  if (err)
    goto leave;