From c710af223cc2476d5f4d46c00d8e0521f6c13211 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Mon, 3 Jan 2022 14:55:49 +0100
Subject: [PATCH] core: Check for unsupported export mode flags

src/engine-gpgsm.c (gpgsm_export, gpgsm_export_ext): Return error if an
unsupported mode flag is set.
--

The minimal mode flag has no effect for X.509 certificates, but we still
treat it as supported (as documented in the API documentation).

GnuPG-bug-id: 5757
---
 src/engine-gpgsm.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index 0347f640..182f6a39 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1512,6 +1512,12 @@ gpgsm_export (void *engine, const char *pattern, gpgme_export_mode_t mode,
   if (!gpgsm)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if ((mode & ~(GPGME_EXPORT_MODE_SECRET
+                |GPGME_EXPORT_MODE_MINIMAL
+                |GPGME_EXPORT_MODE_RAW
+                |GPGME_EXPORT_MODE_PKCS12)))
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
   if (!pattern)
     pattern = "";
 
@@ -1559,6 +1565,12 @@ gpgsm_export_ext (void *engine, const char *pattern[], gpgme_export_mode_t mode,
   if (!gpgsm)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if ((mode & ~(GPGME_EXPORT_MODE_SECRET
+                |GPGME_EXPORT_MODE_MINIMAL
+                |GPGME_EXPORT_MODE_RAW
+                |GPGME_EXPORT_MODE_PKCS12)))
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
   if (pattern && *pattern)
     {
       const char **pat = pattern;