From 067bc2ed4c842eb8975bd68f58fc804e3bd74dcd Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 11 Jul 2023 13:49:41 +0900
Subject: gpg: Move the check by is_secured_file earlier.

* g10/decrypt.c (decrypt_message_fd): Call is_secured_file here.
* g10/plaintext.c (get_output_file): Remove the call.

--

Fixes-commit: 71625f56fd98ab37bc05f1806b4b49a2e418ac37
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/decrypt.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'g10/decrypt.c')

diff --git a/g10/decrypt.c b/g10/decrypt.c
index 64ba0b7f1..0c2c51617 100644
--- a/g10/decrypt.c
+++ b/g10/decrypt.c
@@ -139,6 +139,18 @@ decrypt_message_fd (ctrl_t ctrl, gnupg_fd_t input_fd,
       return err;
     }
 
+  if (is_secured_file (output_fd))
+    {
+      char xname[64];
+
+      err = gpg_error (GPG_ERR_EPERM);
+      snprintf (xname, sizeof xname, "[fd %d]", (int)(intptr_t)output_fd);
+      log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (err));
+      iobuf_close (fp);
+      release_progress_context (pfx);
+      return err;
+    }
+
   opt.outfp = open_stream_nc (output_fd, "w");
   if (!opt.outfp)
     {
-- 
cgit v1.2.3