1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Justus Winter 6823ed4658
gpg,common: Make sure that all fd given are valid.
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--

Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.

During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.

In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).

This is a potential data destruction issue for all writable file
descriptor options:

   --status-fd
   --attribute-fd
   --logger-fd

It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:

   --override-session-key-fd
   --passphrase-fd
   --command-fd

Fixes this by checking whether the fd is valid early on before using
it.

GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-08 14:28:49 +01:00
..
2006-05-16 09:54:41 +00:00
2017-01-31 18:49:27 +01:00
2004-02-17 15:07:27 +00:00
2002-01-29 15:46:55 +00:00
2002-01-29 15:46:55 +00:00
2002-01-29 15:46:55 +00:00
2002-01-29 15:46:55 +00:00
2002-01-29 15:46:55 +00:00
2002-01-29 15:46:55 +00:00
2002-01-29 15:46:55 +00:00
2002-01-29 15:46:55 +00:00
2009-02-19 16:19:16 +00:00
2002-04-15 17:15:21 +00:00
2016-12-20 16:51:38 +01:00
2011-02-04 12:57:53 +01:00