author | Werner Koch <wk@gnupg.org> | 2020-02-10 15:32:55 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2020-02-10 15:32:55 +0100 |
commit | 5681b8eaa44005afdd30211b47e5fb1a799583dd (patch) | |
tree | c8d85a0043d36b8a0b593a7448496cf860211421 /g10/verify.c | |
parent | card: Remove command "key-attr" and hack on "generate". (diff) | |
gpg: Make really sure that --verify-files always returns an error.
* g10/verify.c (verify_files): Track the first error code.
--
It seems to be possible to play tricks with packet structures so that
log_error is not used for bad input data. By actually checking the
return code and letting the main driver in gpg call log_error, we can fix
this case.
Note that using gpg --verify-files and relying solely on gpg's return
code is at best a questionable strategy. It is for example impossible
to tell which data has been signed.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to '')
-rw-r--r-- | g10/verify.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/g10/verify.c b/g10/verify.c index 73ac4bad8..fc18882b0 100644 --- a/g10/verify.c +++ b/g10/verify.c @@ -191,7 +191,8 @@ verify_one_file (ctrl_t ctrl, const char *name ) int verify_files (ctrl_t ctrl, int nfiles, char **files ) { - int i; + int i, rc; + int first_rc = 0; if( !nfiles ) { /* read the filenames from stdin */ char line[2048]; @@ -203,19 +204,26 @@ verify_files (ctrl_t ctrl, int nfiles, char **files ) log_error(_("input line %u too long or missing LF\n"), lno ); return GPG_ERR_GENERAL; } - /* This code does not work on MSDOS but how cares there are + /* This code does not work on MSDOS but hwo cares there are * also no script languages available. We don't strip any * spaces, so that we can process nearly all filenames */ line[strlen(line)-1] = 0; - verify_one_file (ctrl, line ); + rc = verify_one_file (ctrl, line); + if (!first_rc) + first_rc = rc; } } else { /* take filenames from the array */ for(i=0; i < nfiles; i++ ) - verify_one_file (ctrl, files[i] ); + { + rc = verify_one_file (ctrl, files[i]); + if (!first_rc) + first_rc = rc; + } } - return 0; + + return first_rc; } |
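Review bot: The value returned through `first_rc` is only as trustworthy as verify_one_file's own return code and the caller's handling of it, and neither is visible in this patch: `first_rc` stays 0 for any input where verify_one_file reports success without a good signature, so that path deserves a look alongside this change. I would state the contract in a comment above verify_files, for example `/* Return 0 only if verify_one_file succeeded for every name; otherwise the first error code seen. */`. The stdin branch still leaves through `return GPG_ERR_GENERAL;` on an over-long or unterminated line, which fails closed but skips the remaining names, and the same comment should say so. The edited comment line also changes `how cares` to `hwo cares`; it presumably should read `who cares`. The function's opening lines are in the first hunk (the two new declarations) and are covered by this note as well.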