From 5681b8eaa44005afdd30211b47e5fb1a799583dd Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 10 Feb 2020 15:32:55 +0100
Subject: [PATCH] gpg: Make really sure that --verify-files always returns an error.

* g10/verify.c (verify_files): Track the first error code.
--
It seems to be possible to play tricks with packet structures so that log_error is not used for a bad input data. By actually checking the return code and let the main driver in gpg call log_error, we can fix this case. Note that using gpg --verify-files and relying solely on gpg's return code is at best a questionable strategy. It is for example impossible to tell which data has been signed.

Signed-off-by: Werner Koch
---
 g10/verify.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/g10/verify.c b/g10/verify.c
index 73ac4bad8..fc18882b0 100644
--- a/g10/verify.c
+++ b/g10/verify.c
@@ -191,7 +191,8 @@ verify_one_file (ctrl_t ctrl, const char *name )
 int
 verify_files (ctrl_t ctrl, int nfiles, char **files )
 {
-  int i;
+  int i, rc;
+  int first_rc = 0;
 
   if( !nfiles ) { /* read the filenames from stdin */
     char line[2048];
@@ -203,19 +204,26 @@ verify_files (ctrl_t ctrl, int nfiles, char **files )
         log_error(_("input line %u too long or missing LF\n"), lno );
         return GPG_ERR_GENERAL;
       }
-      /* This code does not work on MSDOS but how cares there are
+      /* This code does not work on MSDOS but hwo cares there are
        * also no script languages available. We don't strip any
        * spaces, so that we can process nearly all filenames */
       line[strlen(line)-1] = 0;
-      verify_one_file (ctrl, line );
+      rc = verify_one_file (ctrl, line);
+      if (!first_rc)
+        first_rc = rc;
     }
   }
   else { /* take filenames from the array */
     for(i=0; i < nfiles; i++ )
-      verify_one_file (ctrl, files[i] );
+      {
+        rc = verify_one_file (ctrl, files[i]);
+        if (!first_rc)
+          first_rc = rc;
+      }
   }
-  return 0;
+
+  return first_rc;
 }
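Review bot: The rewritten comment at the top of the second hunk introduces a typo — the removed line read `how cares` and the new line reads `hwo cares`, where the intended word is "who"; restore it as `/* This code does not work on MSDOS but who cares there are`. The error-tracking itself is sound: `if (!first_rc) first_rc = rc;` keeps the first non-zero code, and the early `return GPG_ERR_GENERAL;` on an over-long stdin line still yields a non-zero result, so the commit's goal of never returning success for bad input holds on both paths. It would help callers to say what the return value means, since it carries only the first failure and not which file failed; a comment above `return first_rc;` such as `/* First error seen; zero only if every file verified. The code does not identify the failing file. */` would document that limit. The second hunk starts inside verify_files, whose opening lines are in the first hunk.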