diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2022-04-22 06:33:45 +0200 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-04-22 06:33:45 +0200 |
| commit | e529c54fe3a83c1108347363a793c1cb9b790175 (patch) | |
| tree | 63b026b851cbe44a816e6d6f61d411d62412611a /agent | |
| parent | scd: Don't inhibit SSH authentication for larger data if it can. (diff) | |
| download | gnupg2-e529c54fe3a83c1108347363a793c1cb9b790175.tar.xz gnupg2-e529c54fe3a83c1108347363a793c1cb9b790175.zip | |
agent: Not writing password into file.
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.
--
GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'agent')
| -rw-r--r-- | agent/genkey.c | 55 |
1 files changed, 20 insertions, 35 deletions
diff --git a/agent/genkey.c b/agent/genkey.c index 0c91ab41a..fc6ce0a26 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -97,7 +97,7 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags) { gpg_error_t err = 0; const char *pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CHECK_PATTERN); - FILE *infp; + estream_t stream_to_check_pattern = NULL; const char *argv[10]; pid_t pid; int result, i; @@ -135,27 +135,6 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags) return 1; /* Do not pass the check. */ } - infp = gnupg_tmpfile (); - if (!infp) - { - err = gpg_error_from_syserror (); - log_error (_("error creating temporary file: %s\n"), gpg_strerror (err)); - xfree (patternfname); - return 1; /* Error - assume password should not be used. */ - } - - if (fwrite (pw, strlen (pw), 1, infp) != 1) - { - err = gpg_error_from_syserror (); - log_error (_("error writing to temporary file: %s\n"), - gpg_strerror (err)); - fclose (infp); - xfree (patternfname); - return 1; /* Error - assume password should not be used. */ - } - fseek (infp, 0, SEEK_SET); - clearerr (infp); - i = 0; argv[i++] = "--null"; argv[i++] = "--", @@ -163,21 +142,27 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags) argv[i] = NULL; log_assert (i < sizeof argv); - if (gnupg_spawn_process_fd (pgmname, argv, fileno (infp), -1, -1, &pid)) + if (gnupg_spawn_process (pgmname, argv, NULL, NULL, 0, + &stream_to_check_pattern, NULL, NULL, &pid)) result = 1; /* Execute error - assume password should no be used. */ - else if (gnupg_wait_process (pgmname, pid, 1, NULL)) - result = 1; /* Helper returned an error - probably a match. */ else - result = 0; /* Success; i.e. no match. */ - gnupg_release_process (pid); - - /* Overwrite our temporary file. */ - fseek (infp, 0, SEEK_SET); - clearerr (infp); - for (i=((strlen (pw)+99)/100)*100; i > 0; i--) - putc ('\xff', infp); - fflush (infp); - fclose (infp); + { + es_set_binary (stream_to_check_pattern); + if (es_fwrite (pw, strlen (pw), 1, stream_to_check_pattern) != 1) + { + err = gpg_error_from_syserror (); + log_error (_("error writing to pipe: %s\n"), gpg_strerror (err)); + result = 1; /* Error - assume password should not be used. */ + } + else + es_fflush (stream_to_check_pattern); + es_fclose (stream_to_check_pattern); + if (gnupg_wait_process (pgmname, pid, 1, NULL)) + result = 1; /* Helper returned an error - probably a match. */ + else + result = 0; /* Success; i.e. no match. */ + gnupg_release_process (pid); + } xfree (patternfname); return result; |