gpg: Use is_secured_filename before opening the file.

* g10/gpg.c (print_mds): Check by is_secured_filename, earlier.
* g10/tdbdump.c (import_ownertrust): Likewise.

--

GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

g10/gpg.c

@@ -5622,13 +5622,13 @@ print_mds( const char *fname, int algo )
     }
   else
     {
-      fp = es_fopen (fname, "rb" );
+      if (is_secured_filename (fname))
-      if (fp && is_secured_file (es_fileno (fp)))
         {
-          es_fclose (fp);
           fp = NULL;
           gpg_err_set_errno (EPERM);
         }
+      else
+        fp = es_fopen (fname, "rb" );
     }
   if (!fp)
     {

g10/tdbdump.c

@@ -141,19 +141,16 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
 	fname = "[stdin]";
 	is_stdin = 1;
     }
+    else if (is_secured_filename (fname)) {
+        gpg_err_set_errno (EPERM);
+	log_error (_("can't open '%s': %s\n"), fname, strerror(errno) );
+	return;
+    }
     else if( !(fp = es_fopen( fname, "r" )) ) {
 	log_error ( _("can't open '%s': %s\n"), fname, strerror(errno) );
 	return;
     }
 
-    if (is_secured_file (es_fileno (fp)))
-      {
-        es_fclose (fp);
-        gpg_err_set_errno (EPERM);
-	log_error (_("can't open '%s': %s\n"), fname, strerror(errno) );
-	return;
-      }
-
     while (es_fgets (line, DIM(line)-1, fp)) {
 	TRUSTREC rec;