From 5d375bb1682548a70882f270f8c8bba7033ab642 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 14 Jul 2023 15:49:23 +0900
Subject: [PATCH] gpg: Use is_secured_filename before opening the file.
* g10/gpg.c (print_mds): Check by is_secured_filename, earlier.
* g10/tdbdump.c (import_ownertrust): Likewise.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka
---
 g10/gpg.c | 6 +++---
 g10/tdbdump.c | 13 +++++--------
 2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/g10/gpg.c b/g10/gpg.c
index d836ff072..23bf8d971 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -5622,13 +5622,13 @@ print_mds( const char *fname, int algo )
 }
 else
 {
- fp = es_fopen (fname, "rb" );
- if (fp && is_secured_file (es_fileno (fp)))
+ if (is_secured_filename (fname))
 {
- es_fclose (fp);
 fp = NULL;
 gpg_err_set_errno (EPERM);
 }
+ else
+ fp = es_fopen (fname, "rb" );
 }
 if (!fp)
 {
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index 2a02ad108..9ff3f81a3 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -141,19 +141,16 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
 fname = "[stdin]";
 is_stdin = 1;
 }
+ else if (is_secured_filename (fname)) {
+ gpg_err_set_errno (EPERM);
+ log_error (_("can't open '%s': %s\n"), fname, strerror(errno) );
+ return;
+ }
 else if( !(fp = es_fopen( fname, "r" )) ) {
 log_error ( _("can't open '%s': %s\n"), fname, strerror(errno) );
 return;
 }
- if (is_secured_file (es_fileno (fp)))
- {
- es_fclose (fp);
- gpg_err_set_errno (EPERM);
- log_error (_("can't open '%s': %s\n"), fname, strerror(errno) );
- return;
- }
-
 while (es_fgets (line, DIM(line)-1, fp)) {
 TRUSTREC rec;
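Review bot: The secured-file check in print_mds now runs on the path (`is_secured_filename (fname)`) while `es_fopen (fname, "rb" )` resolves that path a second time, so the object that was checked is not guaranteed to be the object that gets opened if the name is re-pointed in between. The removed `is_secured_file (es_fileno (fp))` test was tied to the open descriptor. The commit message does not say why the check has to precede the open; if it does, consider keeping the descriptor test after the open as a second gate, or record the assumption in a comment such as `/* Checked by name before opening; es_fopen resolves the path again. */`. The same applies to the import_ownertrust hunk in g10/tdbdump.c. print_mds starts and ends outside the hunk.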
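Review bot: The removed `is_secured_file (es_fileno (fp))` test sat after the if/else chain in import_ownertrust, so it also covered the stdin branch whose tail is visible at the top of the hunk; the new `is_secured_filename (fname)` test is an `else if` arm and is skipped when input comes from stdin. Presumably `fp` is set to the standard-input stream in that branch (the assignment is outside the hunk), in which case input redirected from a secured file is no longer rejected. If that is intended, a comment on the new arm such as `/* Only named files are checked; stdin is not. */` would record it; otherwise keep the descriptor test for the `is_stdin` case.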