security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-09-19 14:41:41 +02:00
Code Activity

scd: Restrict use of DEVINFO --watch command for socket connection.

Browse Source 
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2024-06-26 11:13:05 +09:00
parent f4e3ee61b8
commit d98521b934
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
scd/app.c
View File

@ -484,7 +484,7 @@ app_dump_state (void)
* *
* With KEEP_LOOPING=0, it only outputs once. * With KEEP_LOOPING=0, it only outputs once.
* With KEEP_LOOPING<0, it keeps looping, until it detects no device. * With KEEP_LOOPING<0, it keeps looping, until it detects no device.
* With KEEP_LOOPING>0, it keeps looping forever. * With KEEP_LOOPING>0, it keeps looping forever (until connection close).
*/ */
gpg_error_t gpg_error_t
app_send_devinfo (ctrl_t ctrl, int keep_looping) app_send_devinfo (ctrl_t ctrl, int keep_looping)
@ -493,6 +493,13 @@ app_send_devinfo (ctrl_t ctrl, int keep_looping)
app_t a; app_t a;
int no_device; int no_device;
/* The connection from client should be by a socket. This is needed
for Windows using the select function. And it's not good to use
the primary pipe connection of gpg-agent for watching
devinfo. */
if (keep_looping && ctrl->thread_startup.fd == GNUPG_INVALID_FD)
return gpg_error (GPG_ERR_INV_HANDLE);
card_list_w_lock (); card_list_w_lock ();
while (1) while (1)
{ {