diff options
| author | NIIBE Yutaka <[email protected]> | 2022-06-23 00:57:26 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2022-06-23 00:57:26 +0000 |
| commit | 26d5a6e862c68bf7355ade48e036732fb52561e9 (patch) | |
| tree | 72ad2f337e7c79cc2056842f2e5528d1c581c868 | |
| parent | agent: Fix KEYATTR command for --delete option. (diff) | |
| download | gnupg-26d5a6e862c68bf7355ade48e036732fb52561e9.tar.gz gnupg-26d5a6e862c68bf7355ade48e036732fb52561e9.zip | |
agent: KEYATTR only allows access to attribute.
* agent/command.c (cmd_keyattr): Check the ATTRNAME.
--
GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <[email protected]>
| -rw-r--r-- | agent/command.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/agent/command.c b/agent/command.c index 3c17a53ad..7f42b9979 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1229,6 +1229,14 @@ cmd_keyattr (assuan_context_t ctx, char *line) goto leave; } + if (!strcmp (argv[1], "Key:") /* It allows only access to attribute */ + /* Make sure ATTRNAME ends with colon. */ + || argv[1][strlen (argv[1]) - 1] != ':') + { + err = gpg_error (GPG_ERR_INV_PARAMETER); + goto leave; + } + err = parse_keygrip (ctx, argv[0], grip); if (err) goto leave; |