From 73f6c2dd4d3e5b58faf69821726988ae984fad89 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 5 Mar 2025 15:31:50 +0100 Subject: [PATCH] w32: On socket nonce mismatch close the socket. * agent/gpg-agent.c (start_connection_thread_std): Close socket on nonce mismatch. (start_connection_thread_extra): Ditto. (start_connection_thread_browser): Ditto. (start_connection_thread_ssh): Ditto. * dirmngr/dirmngr.c (start_connection_thread): Ditto. * kbx/keyboxd.c (start_connection_thread): Ditto. -- Usually Libassuan takes care of closing the socket but because we do the nonce check before setting up Assuan we need to explicit close it. GnuPG-bug-id: 7434 --- agent/command.c | 2 +- agent/gpg-agent.c | 20 +++++++++++++------- dirmngr/dirmngr.c | 3 ++- kbx/keyboxd.c | 5 +++-- 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/agent/command.c b/agent/command.c index ebfffa624..b61ab9354 100644 --- a/agent/command.c +++ b/agent/command.c @@ -4396,7 +4396,7 @@ register_commands (assuan_context_t ctx) /* Startup the server. If LISTEN_FD and FD is given as -1, this is a - simple piper server, otherwise it is a regular server. CTRL is the + simple pipe server, otherwise it is a regular server. CTRL is the control structure for this connection; it has only the basic initialization. */ void diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index ae1295977..5b1a124e0 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -2877,8 +2877,9 @@ start_connection_thread_std (void *arg) if (check_nonce (ctrl, &socket_nonce)) { - log_error ("handler 0x%lx nonce check FAILED\n", - (unsigned long) npth_self()); + log_error ("handler 0x%lx for fd %d FAILED nonce check\n", + (unsigned long) npth_self(), FD_DBG (ctrl->thread_startup.fd)); + assuan_sock_close (ctrl->thread_startup.fd); return NULL; } @@ -2894,8 +2895,9 @@ start_connection_thread_extra (void *arg) if (check_nonce (ctrl, &socket_nonce_extra)) { - log_error ("handler 0x%lx nonce check FAILED\n", - (unsigned long) npth_self()); + log_error ("handler 0x%lx for fd %d FAILED nonce check\n", + (unsigned long) npth_self(), FD_DBG (ctrl->thread_startup.fd)); + assuan_sock_close (ctrl->thread_startup.fd); return NULL; } @@ -2912,8 +2914,9 @@ start_connection_thread_browser (void *arg) if (check_nonce (ctrl, &socket_nonce_browser)) { - log_error ("handler 0x%lx nonce check FAILED\n", - (unsigned long) npth_self()); + log_error ("handler 0x%lx for fd %d FAILED nonce check\n", + (unsigned long) npth_self(), FD_DBG (ctrl->thread_startup.fd)); + assuan_sock_close (ctrl->thread_startup.fd); return NULL; } @@ -2929,7 +2932,10 @@ start_connection_thread_ssh (void *arg) ctrl_t ctrl = arg; if (check_nonce (ctrl, &socket_nonce_ssh)) - return NULL; + { + assuan_sock_close (ctrl->thread_startup.fd); + return NULL; + } active_connections++; agent_init_default_ctrl (ctrl); diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index cdad4f921..e99220fff 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -2259,7 +2259,8 @@ start_connection_thread (void *arg) if (check_nonce (fd, &socket_nonce)) { - log_error ("handler nonce check FAILED\n"); + log_error ("handler for fd %d FAILED nonce check\n", FD_DBG (fd)); + assuan_sock_close (fd); return NULL; } diff --git a/kbx/keyboxd.c b/kbx/keyboxd.c index 197f01c74..28e292e10 100644 --- a/kbx/keyboxd.c +++ b/kbx/keyboxd.c @@ -1448,8 +1448,9 @@ start_connection_thread (void *arg) if (check_nonce (ctrl, &socket_nonce)) { - log_error ("handler 0x%lx nonce check FAILED\n", - (unsigned long) npth_self()); + log_error ("handler 0x%lx for fd %d FAILED nonce check\n", + (unsigned long) npth_self(), FD_DBG (ctrl->thread_startup.fd)); + assuan_sock_close (ctrl->thread_startup.fd); return NULL; }