From d98521b934ec6a5abb0ad18e39a26009a8806c52 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Wed, 26 Jun 2024 11:13:05 +0900
Subject: [PATCH] scd: Restrict use of DEVINFO --watch command for socket connection.
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when it's not socket when KEEP_LOOPING != 0.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka
---
 scd/app.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/scd/app.c b/scd/app.c
index fe94cdcbd..926ab7925 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -484,7 +484,7 @@ app_dump_state (void)
 *
 * With KEEP_LOOPING=0, it only outputs once.
 * With KEEP_LOOPING<0, it keeps looping, until it detects no device.
- * With KEEP_LOOPING>0, it keeps looping forever.
+ * With KEEP_LOOPING>0, it keeps looping forever (until connection close).
 */
 gpg_error_t
 app_send_devinfo (ctrl_t ctrl, int keep_looping)
@@ -493,6 +493,13 @@ app_send_devinfo (ctrl_t ctrl, int keep_looping)
 app_t a;
 int no_device;
+ /* The connection from client should be by a socket. This is needed for Windows using the select function. And it's not good to use the primary pipe connection of gpg-agent for watching devinfo. */
+ if (keep_looping && ctrl->thread_startup.fd == GNUPG_INVALID_FD) return gpg_error (GPG_ERR_INV_HANDLE);
+
 card_list_w_lock ();
 while (1)
 {
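Review bot: The new guard in app_send_devinfo relies on `ctrl->thread_startup.fd == GNUPG_INVALID_FD` meaning "this client is on the pipe connection", but neither the added comment nor the function's header comment states that invariant or the new error return. I would extend the header comment touched in the first hunk with ` * With KEEP_LOOPING!=0 on a non-socket connection, it returns GPG_ERR_INV_HANDLE.`, and add to the in-body comment that an invalid fd is what identifies the pipe connection here. The guard sits before `card_list_w_lock ()`, so the early return does not leave the lock held; a short remark to that effect would help keep that ordering in later edits. The loop body continues past the end of the hunk, so how a closed socket ends the KEEP_LOOPING>0 case cannot be confirmed from these lines.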