security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-09-07 12:56:21 +02:00
Code Activity

common: On Windows, we care about how PIPE handles are inherited.

Browse Source 
* agent/gpg-agent.c (handle_connections): It's for POSIX.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/app.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
tpm2d/tpm2daemon.c (handle_connections): Ditto.
* tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
(do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
(do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
* common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
(_gpg_decrypt): Likewise.
* common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
* common/exechelp-w32.c (create_pipe_and_estream): Care about
how PIPE handles are inherited to child process.
(gnupg_create_pipe): Add an argument.
* common/exechelp.h: Add enum values.

--

Fixes-commit: af6c47b291
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2024-07-09 15:15:13 +09:00
parent 1d5cfa9b7f
commit 2b19474aab
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
10 changed files with 54 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/gpg-agent.c
View File

@ -3022,7 +3022,7 @@ handle_connections (gnupg_fd_t listen_fd,
npth_sigev_add (SIGTERM);
npth_sigev_fini ();
# ifdef HAVE_PSELECT_NO_EINTR
ret = gnupg_create_pipe (pipe_fd);
ret = gnupg_create_pipe (pipe_fd, 0);
if (ret)
{
log_error ("pipe creation failed: %s\n", gpg_strerror (ret));

8
common/call-gpg.c
View File

@ -429,9 +429,9 @@ _gpg_encrypt (ctrl_t ctrl,
assert ((reader_mb == NULL) != (cipher_stream == NULL));
/* Create two pipes. */
err = gnupg_create_pipe (outbound_fds);
err = gnupg_create_pipe (outbound_fds, GNUPG_PIPE_OUTBOUND);
if (!err)
err = gnupg_create_pipe (inbound_fds);
err = gnupg_create_pipe (inbound_fds, GNUPG_PIPE_INBOUND);
if (err)
{
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
@ -613,9 +613,9 @@ _gpg_decrypt (ctrl_t ctrl,
assert ((reader_mb == NULL) != (plain_stream == NULL));
/* Create two pipes. */
err = gnupg_create_pipe (outbound_fds);
err = gnupg_create_pipe (outbound_fds, GNUPG_PIPE_OUTBOUND);
if (!err)
err = gnupg_create_pipe (inbound_fds);
err = gnupg_create_pipe (inbound_fds, GNUPG_PIPE_INBOUND);
if (err)
{
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));

9
common/exechelp-posix.c
View File

@ -348,11 +348,14 @@ gnupg_create_outbound_pipe (gnupg_fd_t *r_fd, estream_t *r_fp, int nonblock)
}
/* Portable function to create a pipe. Under Windows both ends are
inheritable. */
/* Portable function to create a pipe. FLAGS=GNUPG_PIPE_INBOUND for
ihneritable write-end for Windows, GNUPG_PIPE_OUTBOUND for
inheritable read-end for Windows, GNUPG_PIPE_BOTH to specify
both ends may be inheritable. */
gpg_error_t
gnupg_create_pipe (int filedes[2])
gnupg_create_pipe (int filedes[2], int flags)
{
(void)flags;
return do_create_pipe (filedes);
}

32
common/exechelp-w32.c
View File

@ -229,8 +229,16 @@ create_pipe_and_estream (gnupg_fd_t *r_fd, int flags,
gpg_error_t err = 0;
es_syshd_t syshd;
gnupg_fd_t fds[2];
int inherit_flags = 0;
if (create_inheritable_pipe (fds, flags) < 0)
if (flags == GNUPG_PIPE_OUTBOUND)
inherit_flags = INHERIT_READ;
else if (flags == GNUPG_PIPE_INBOUND)
inherit_flags = INHERIT_WRITE;
else
inherit_flags = INHERIT_BOTH;
if (create_inheritable_pipe (fds, inherit_flags) < 0)
{
err = my_error_from_syserror ();
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
@ -275,7 +283,7 @@ gnupg_create_inbound_pipe (gnupg_fd_t *r_fd, estream_t *r_fp, int nonblock)
if (!r_fd || !r_fp)
gpg_error (GPG_ERR_INV_ARG);
return create_pipe_and_estream (r_fd, INHERIT_WRITE, r_fp, 0, nonblock);
return create_pipe_and_estream (r_fd, GNUPG_PIPE_INBOUND, r_fp, 0, nonblock);
}
@ -288,19 +296,29 @@ gnupg_create_outbound_pipe (gnupg_fd_t *r_fd, estream_t *r_fp, int nonblock)
if (!r_fd || !r_fp)
gpg_error (GPG_ERR_INV_ARG);
return create_pipe_and_estream (r_fd, INHERIT_READ, r_fp, 1, nonblock);
return create_pipe_and_estream (r_fd, GNUPG_PIPE_OUTBOUND, r_fp, 1, nonblock);
}
/* Portable function to create a pipe. Under Windows both ends are
inheritable. */
/* Portable function to create a pipe. FLAGS=GNUPG_PIPE_INBOUND for
ihneritable write-end for Windows, GNUPG_PIPE_OUTBOUND for
inheritable read-end for Windows, GNUPG_PIPE_BOTH to specify
both ends may be inheritable. */
gpg_error_t
gnupg_create_pipe (int filedes[2])
gnupg_create_pipe (int filedes[2], int flags)
{
gnupg_fd_t fds[2];
gpg_error_t err = 0;
int inherit_flags = 0;
if (create_inheritable_pipe (fds, INHERIT_BOTH) < 0)
if (flags == GNUPG_PIPE_OUTBOUND)
inherit_flags = INHERIT_READ;
else if (flags == GNUPG_PIPE_INBOUND)
inherit_flags = INHERIT_WRITE;
else
inherit_flags = INHERIT_BOTH;
if (create_inheritable_pipe (fds, inherit_flags) < 0)
return my_error_from_syserror ();
filedes[0] = _open_osfhandle (handle_to_fd (fds[0]), O_RDONLY);

16
common/exechelp.h
View File

@ -65,11 +65,17 @@ gpg_error_t gnupg_create_inbound_pipe (gnupg_fd_t *r_fd,
gpg_error_t gnupg_create_outbound_pipe (gnupg_fd_t *r_fd,
estream_t *r_fp, int nonblock);
/* Portable function to create a pipe. Under Windows both ends are
inheritable. */
gpg_error_t gnupg_create_pipe (int filedes[2]);
enum {
GNUPG_PIPE_DONTCARE=0,
GNUPG_PIPE_INBOUND=1,
GNUPG_PIPE_OUTBOUND=2,
GNUPG_PIPE_BOTH=3
};
/* Close the end of a pipe. */
void gnupg_close_pipe (int fd);
/* Portable function to create a pipe. FLAGS=GNUPG_PIPE_INBOUND for
ihneritable write-end for Windows, GNUPG_PIPE_OUTBOUND for
inheritable read-end for Windows, GNUPG_PIPE_BOTH to specify
both ends may be inheritable. */
gpg_error_t gnupg_create_pipe (int filedes[2], int flags);
#endif /*GNUPG_COMMON_EXECHELP_H*/

2
kbx/keyboxd.c
View File

@ -1527,7 +1527,7 @@ handle_connections (gnupg_fd_t listen_fd)
npth_sigev_add (SIGTERM);
npth_sigev_fini ();
# ifdef HAVE_PSELECT_NO_EINTR
ret = gnupg_create_pipe (pipe_fd);
ret = gnupg_create_pipe (pipe_fd, 0);
if (ret)
{
log_error ("pipe creation failed: %s\n", gpg_strerror (ret));

2
scd/app.c
View File

@ -2649,7 +2649,7 @@ initialize_module_command (void)
#ifdef HAVE_W32_SYSTEM
scd_init_event (&card_list_lock.the_event, card_list_lock.events);
#else
ret = gnupg_create_pipe (card_list_lock.notify_pipe);
ret = gnupg_create_pipe (card_list_lock.notify_pipe, 0);
if (ret)
{
err = gpg_error_from_syserror ();

2
scd/scdaemon.c
View File

@ -1312,7 +1312,7 @@ handle_connections (gnupg_fd_t listen_fd)
#ifdef HAVE_PSELECT_NO_EINTR
int pipe_fd[2];
ret = gnupg_create_pipe (pipe_fd);
ret = gnupg_create_pipe (pipe_fd, 0);
if (ret)
{
log_error ("pipe creation failed: %s\n", gpg_strerror (ret));

6
tests/gpgscm/ffi.c
View File

@ -1227,7 +1227,7 @@ do_pipe (scheme *sc, pointer args)
FFI_PROLOG ();
int filedes[2];
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = gnupg_create_pipe (filedes);
err = gnupg_create_pipe (filedes, GNUPG_PIPE_BOTH);
#define IMC(A, B) \
_cons (sc, sc->vptr->mk_integer (sc, (unsigned long) (A)), (B), 1)
FFI_RETURN_POINTER (sc, IMC (filedes[0],
@ -1241,7 +1241,7 @@ do_inbound_pipe (scheme *sc, pointer args)
FFI_PROLOG ();
int filedes[2];
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = gnupg_create_pipe (filedes);
err = gnupg_create_pipe (filedes, GNUPG_PIPE_INBOUND);
#define IMC(A, B) \
_cons (sc, sc->vptr->mk_integer (sc, (unsigned long) (A)), (B), 1)
FFI_RETURN_POINTER (sc, IMC (filedes[0],
@ -1255,7 +1255,7 @@ do_outbound_pipe (scheme *sc, pointer args)
FFI_PROLOG ();
int filedes[2];
FFI_ARGS_DONE_OR_RETURN (sc, args);
err = gnupg_create_pipe (filedes);
err = gnupg_create_pipe (filedes, GNUPG_PIPE_OUTBOUND);
#define IMC(A, B) \
_cons (sc, sc->vptr->mk_integer (sc, (unsigned long) (A)), (B), 1)
FFI_RETURN_POINTER (sc, IMC (filedes[0],

2
tpm2d/tpm2daemon.c
View File

@ -1093,7 +1093,7 @@ handle_connections (gnupg_fd_t listen_fd)
#ifdef HAVE_PSELECT_NO_EINTR
int pipe_fd[2];
ret = gnupg_create_pipe (pipe_fd);
ret = gnupg_create_pipe (pipe_fd, 0);
if (ret)
{
log_error ("pipe creation failed: %s\n", gpg_strerror (ret));