From 6d77c76ef2de1b944141f9b5fbcd9392aaf1a4e7 Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Sat, 29 Jul 2006 16:40:54 +0000 Subject: [PATCH] 2006-07-29 Marcus Brinkmann * preset-passphrase.c (preset_passphrase): Do not strip off last character of passphrase. (make_hexstring): New function. * command.c (cmd_preset_passphrase): Use parse_hexstring to syntax check passphrase argument. Truncate passphrase at delimiter. --- agent/ChangeLog | 8 +++++++ agent/command.c | 9 +++++++- agent/preset-passphrase.c | 47 +++++++++++++++++++++++++++++++++++++-- 3 files changed, 61 insertions(+), 3 deletions(-) diff --git a/agent/ChangeLog b/agent/ChangeLog index 2048f5c18..97c7741ac 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,11 @@ +2006-07-29 Marcus Brinkmann + + * preset-passphrase.c (preset_passphrase): Do not strip off last + character of passphrase. + (make_hexstring): New function. + * command.c (cmd_preset_passphrase): Use parse_hexstring to syntax + check passphrase argument. Truncate passphrase at delimiter. + 2006-07-24 Werner Koch * minip12.c (build_key_bag): New args SHA1HASH and diff --git a/agent/command.c b/agent/command.c index 12770dac8..1f3923522 100644 --- a/agent/command.c +++ b/agent/command.c @@ -794,7 +794,7 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line) return map_to_assuan_status (rc); } -/* PRESET_PASSPHRASE +/* PRESET_PASSPHRASE Set the cached passphrase/PIN for the key identified by the keygrip to passwd for the given time, where -1 means infinite and 0 means @@ -809,6 +809,7 @@ cmd_preset_passphrase (ASSUAN_CONTEXT ctx, char *line) char *grip_clear = NULL; char *passphrase = NULL; int ttl; + size_t len; if (!opt.allow_preset_passphrase) return gpg_error (GPG_ERR_NOT_SUPPORTED); @@ -837,6 +838,12 @@ cmd_preset_passphrase (ASSUAN_CONTEXT ctx, char *line) while (!(*line != ' ' && *line != '\t')) line++; + /* Syntax check the hexstring. */ + rc = parse_hexstring (ctx, line, &len); + if (rc) + return rc; + line[len] = '\0'; + /* If there is a passphrase, use it. Currently, a passphrase is required. */ if (*line) diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c index 013c9411d..f876b0647 100644 --- a/agent/preset-passphrase.c +++ b/agent/preset-passphrase.c @@ -152,6 +152,38 @@ map_spwq_error (int err) } +/* Percent-Escape special characters. The string is valid until the + next invocation of the function. */ +static char * +make_hexstring (const char *src) +{ + int len = 2 * strlen (src) + 1; + char *dst; + char *res; + + res = dst = malloc (len); + if (!dst) + { + log_error ("can not escape string: %s\n", + gpg_strerror (gpg_error_from_errno (errno))); + return NULL; + } + +#define _tohex(nr) ((nr) < 10 ? ((nr) + '0') : (((nr) - 10) + 'A')) +#define tohex1(p) _tohex (*((unsigned char *) p) & 15) +#define tohex2(p) _tohex ((*((unsigned char *) p) >> 4) & 15) + + while (*src) + { + *(dst++) = tohex2 (src); + *(dst++) = tohex1 (src); + src++; + } + *dst = '\0'; + return res; +} + + static void preset_passphrase (const char *keygrip) { @@ -159,6 +191,7 @@ preset_passphrase (const char *keygrip) char *line; /* FIXME: Use secure memory. */ char passphrase[500]; + char *passphrase_esc; if (!opt_passphrase) { @@ -173,7 +206,6 @@ preset_passphrase (const char *keygrip) line = strchr (passphrase, '\n'); if (line) { - line--; if (line > passphrase && line[-1] == '\r') line--; *line = '\0'; @@ -182,8 +214,19 @@ preset_passphrase (const char *keygrip) /* FIXME: How to handle empty passwords? */ } + passphrase_esc = make_hexstring (opt_passphrase + ? opt_passphrase : passphrase); + if (!passphrase_esc) + { + /* Error message printed by callee. */ + return; + } + rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip, - opt_passphrase? opt_passphrase : passphrase); + passphrase_esc); + wipememory (passphrase_esc, strlen (passphrase_esc)); + free (passphrase_esc); + if (rc < 0) { log_error ("caching passphrase failed: %s\n",