From 067bc2ed4c842eb8975bd68f58fc804e3bd74dcd Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Tue, 11 Jul 2023 13:49:41 +0900 Subject: gpg: Move the check by is_secured_file earlier. * g10/decrypt.c (decrypt_message_fd): Call is_secured_file here. * g10/plaintext.c (get_output_file): Remove the call. -- Fixes-commit: 71625f56fd98ab37bc05f1806b4b49a2e418ac37 GnuPG-bug-id: 6580 Signed-off-by: NIIBE Yutaka --- g10/decrypt.c | 12 ++++++++++++ g10/plaintext.c | 8 +------- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/g10/decrypt.c b/g10/decrypt.c index 64ba0b7f1..0c2c51617 100644 --- a/g10/decrypt.c +++ b/g10/decrypt.c @@ -139,6 +139,18 @@ decrypt_message_fd (ctrl_t ctrl, gnupg_fd_t input_fd, return err; } + if (is_secured_file (output_fd)) + { + char xname[64]; + + err = gpg_error (GPG_ERR_EPERM); + snprintf (xname, sizeof xname, "[fd %d]", (int)(intptr_t)output_fd); + log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (err)); + iobuf_close (fp); + release_progress_context (pfx); + return err; + } + opt.outfp = open_stream_nc (output_fd, "w"); if (!opt.outfp) { diff --git a/g10/plaintext.c b/g10/plaintext.c index 9544ddf03..03ddadcec 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -145,13 +145,7 @@ get_output_file (const byte *embedded_name, int embedded_namelen, } } - if (opt.outfp && is_secured_file (es_fileno (opt.outfp))) - { - err = gpg_error (GPG_ERR_EPERM); - log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); - goto leave; - } - else if (fp || nooutput) + if (fp || nooutput) ; else if (is_secured_filename (fname)) { -- cgit v1.2.3