Justus Winter
6823ed4658
gpg,common: Make sure that all fd given are valid. ...
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--
Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.
During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.
In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).
This is a potential data destruction issue for all writable file
descriptor options:
--status-fd
--attribute-fd
--logger-fd
It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:
--override-session-key-fd
--passphrase-fd
--command-fd
Fixes this by checking whether the fd is valid early on before using
it.
GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-08 14:28:49 +01:00
2016-11-05 12:02:19 +01:00
2017-01-23 19:16:55 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-08 16:01:53 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2015-10-28 10:20:17 +01:00
2014-01-29 17:45:05 +01:00
2015-04-24 16:42:28 +02:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2011-02-04 12:57:53 +01:00
2016-11-05 12:02:19 +01:00
2017-01-06 18:47:53 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2017-01-19 14:58:23 +01:00
2016-11-05 12:02:19 +01:00
2011-02-04 12:57:53 +01:00
2016-11-05 12:02:19 +01:00
2014-03-12 18:35:36 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2017-01-19 10:39:06 +01:00
2016-11-05 12:02:19 +01:00
2013-05-07 21:35:48 +02:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-12-14 16:41:18 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2015-11-17 12:50:22 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-29 16:54:36 +01:00
2016-11-29 16:54:36 +01:00
2015-12-14 16:21:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2017-02-08 14:28:49 +01:00
2017-01-11 10:42:44 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-12-19 09:41:15 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2011-02-04 12:57:53 +01:00
2011-02-04 12:57:53 +01:00
2011-02-04 12:57:53 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-12-02 19:47:40 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-03-02 14:27:30 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2017-02-08 14:28:49 +01:00
2017-02-08 14:28:49 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-12-20 18:39:30 +01:00
2017-01-12 10:39:19 +01:00
2016-11-05 12:02:19 +01:00
2017-01-02 13:29:18 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2017-01-05 20:43:40 +01:00
2016-11-05 12:02:19 +01:00
2017-01-17 10:19:06 +01:00
2017-01-17 10:19:06 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-12-14 16:41:18 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2017-01-23 19:16:55 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
2016-11-05 12:02:19 +01:00
6823ed4658