security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-09-23 15:21:42 +02:00
Code Activity

* options.h, g10.c (main), plaintext.c (handle_plaintext): Add

Browse Source 
--max-output option to help people deal with decompression bombs.
This commit is contained in:
David Shaw 2004-02-18 23:09:27 +00:00
parent f3de3a5eb9
commit 6c13b96a1d
4 changed files with 81 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
g10/ChangeLog
View File

@ -1,3 +1,8 @@
2004-02-18 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.
2004-02-15 David Shaw <dshaw@jabberwocky.com> 2004-02-15 David Shaw <dshaw@jabberwocky.com>
* build-packet.c (do_user_id): Do not force a header for attribute * build-packet.c (do_user_id): Do not force a header for attribute

3
g10/g10.c
View File

@ -76,6 +76,7 @@ enum cmd_and_opt_values
oCompress = 'z', oCompress = 'z',
oSetNotation = 'N', oSetNotation = 'N',
oBatch = 500, oBatch = 500,
oMaxOutput,
oSigNotation, oSigNotation,
oCertNotation, oCertNotation,
oShowNotation, oShowNotation,
@ -436,6 +437,7 @@ static ARGPARSE_OPTS opts[] = {
{ oAskCertExpire, "ask-cert-expire", 0, "@"}, { oAskCertExpire, "ask-cert-expire", 0, "@"},
{ oNoAskCertExpire, "no-ask-cert-expire", 0, "@"}, { oNoAskCertExpire, "no-ask-cert-expire", 0, "@"},
{ oOutput, "output", 2, N_("use as output file")}, { oOutput, "output", 2, N_("use as output file")},
{ oMaxOutput, "max-output", 16|4, "@" },
{ oVerbose, "verbose", 0, N_("verbose") }, { oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, "@"}, { oQuiet, "quiet", 0, "@"},
{ oNoTTY, "no-tty", 0, "@"}, { oNoTTY, "no-tty", 0, "@"},
@ -1697,6 +1699,7 @@ main( int argc, char **argv )
case oArmor: opt.armor = 1; opt.no_armor=0; break; case oArmor: opt.armor = 1; opt.no_armor=0; break;
case oOutput: opt.outfile = pargs.r.ret_str; break; case oOutput: opt.outfile = pargs.r.ret_str; break;
case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
case oQuiet: opt.quiet = 1; break; case oQuiet: opt.quiet = 1; break;
case oNoTTY: tty_no_terminal(1); break; case oNoTTY: tty_no_terminal(1); break;
case oDryRun: opt.dry_run = 1; break; case oDryRun: opt.dry_run = 1; break;

6
g10/options.h
View File

@ -1,6 +1,6 @@
/* options.h /* options.h
* Copyright (C) 1998, 1999, 2000, 2001, 2002, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2003 Free Software Foundation, Inc. * 2004 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -21,6 +21,7 @@
#ifndef G10_OPTIONS_H #ifndef G10_OPTIONS_H
#define G10_OPTIONS_H #define G10_OPTIONS_H
#include <sys/types.h>
#include <types.h> #include <types.h>
#include "main.h" #include "main.h"
#include "packet.h" #include "packet.h"
@ -43,6 +44,7 @@ struct {
unsigned debug; unsigned debug;
int armor; int armor;
char *outfile; char *outfile;
off_t max_output;
int dry_run; int dry_run;
int list_only; int list_only;
int textmode; int textmode;

68
g10/plaintext.c
View File

@ -24,6 +24,7 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <assert.h> #include <assert.h>
#include <sys/types.h>
#ifdef HAVE_DOSISH_SYSTEM #ifdef HAVE_DOSISH_SYSTEM
#include <fcntl.h> /* for setmode() */ #include <fcntl.h> /* for setmode() */
#endif #endif
@ -52,6 +53,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
{ {
char *fname = NULL; char *fname = NULL;
FILE *fp = NULL; FILE *fp = NULL;
off_t count=0;
int rc = 0; int rc = 0;
int c; int c;
int convert = pt->mode == 't'; int convert = pt->mode == 't';
@ -164,8 +166,17 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( c == '\r' ) /* convert to native line ending */ if( c == '\r' ) /* convert to native line ending */
continue; /* fixme: this hack might be too simple */ continue; /* fixme: this hack might be too simple */
#endif #endif
if( fp ) { if( fp )
if( putc( c, fp ) == EOF ) { {
if((count++)>opt.max_output)
{
log_error("Error writing to `%s': %s\n",
fname,"exceeded --max-output limit\n");
rc = G10ERR_WRITE_FILE;
goto leave;
}
else if( putc( c, fp ) == EOF )
{
log_error("Error writing to `%s': %s\n", log_error("Error writing to `%s': %s\n",
fname, strerror(errno) ); fname, strerror(errno) );
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
@ -188,8 +199,18 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
} }
if( mfx->md ) if( mfx->md )
md_write( mfx->md, buffer, len ); md_write( mfx->md, buffer, len );
if( fp ) { if( fp )
if( fwrite( buffer, 1, len, fp ) != len ) { {
if((count+=len)>opt.max_output)
{
log_error("Error writing to `%s': %s\n",
fname,"exceeded --max-output limit\n");
rc = G10ERR_WRITE_FILE;
m_free( buffer );
goto leave;
}
else if( fwrite( buffer, 1, len, fp ) != len )
{
log_error("Error writing to `%s': %s\n", log_error("Error writing to `%s': %s\n",
fname, strerror(errno) ); fname, strerror(errno) );
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
@ -211,8 +232,17 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( convert && c == '\r' ) if( convert && c == '\r' )
continue; /* fixme: this hack might be too simple */ continue; /* fixme: this hack might be too simple */
#endif #endif
if( fp ) { if( fp )
if( putc( c, fp ) == EOF ) { {
if((count++)>opt.max_output)
{
log_error("Error writing to `%s': %s\n",
fname,"exceeded --max-output limit\n");
rc = G10ERR_WRITE_FILE;
goto leave;
}
else if( putc( c, fp ) == EOF )
{
log_error("Error writing to `%s': %s\n", log_error("Error writing to `%s': %s\n",
fname, strerror(errno) ); fname, strerror(errno) );
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
@ -238,8 +268,17 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
eof = 1; eof = 1;
if( mfx->md ) if( mfx->md )
md_write( mfx->md, buffer, len ); md_write( mfx->md, buffer, len );
if( fp ) { if( fp )
if( fwrite( buffer, 1, len, fp ) != len ) { {
if((count+=len)>opt.max_output)
{
log_error("Error writing to `%s': %s\n",
fname,"exceeded --max-output limit\n");
rc = G10ERR_WRITE_FILE;
m_free( buffer );
goto leave;
}
else if( fwrite( buffer, 1, len, fp ) != len ) {
log_error("Error writing to `%s': %s\n", log_error("Error writing to `%s': %s\n",
fname, strerror(errno) ); fname, strerror(errno) );
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
@ -256,8 +295,17 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
int state = 0; int state = 0;
while( (c = iobuf_get(pt->buf)) != -1 ) { while( (c = iobuf_get(pt->buf)) != -1 ) {
if( fp ) { if( fp )
if( putc( c, fp ) == EOF ) { {
if((count++)>opt.max_output)
{
log_error("Error writing to `%s': %s\n",
fname,"exceeded --max-output limit\n");
rc = G10ERR_WRITE_FILE;
goto leave;
}
else if( putc( c, fp ) == EOF )
{
log_error("Error writing to `%s': %s\n", log_error("Error writing to `%s': %s\n",
fname, strerror(errno) ); fname, strerror(errno) );
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;