* src/sign.c (gpgme_op_sign_result): Reformat and take care of failed
malloc.
--
Although _gpgme_debug_trace() is current always true, the code should
be run always and not just in trace mode. Also added error checking
to malloc and strdup. And while at replace some while by for loop for
easier readability.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid
signatures add up to gpgme_signers_count().
--
When invalid and valid signatures do not equal gpgme_signers_count() it
means that there was a bad passphrase during signing after the first
signer. This leaves the result.signatures from previous signers intact
which isn't correct since gpg will report:
gpg: number of one-pass packets does not match number of signature
packets
gpg: can't handle this ambiguous signature data
during verify. So when this happens append the valid signatures to the
.invalid_signers list with .reason set to GPG_ERR_GENERAL.
--
The --no-sk-comments flag is (or should be) a no-op in modern versions
of gnupg, but gpgme should still use its full form rather than the
(slightly) abbreviated --no-sk-comment
* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):
--
After a realloc (realloc is also used for initial alloc) the allocated
size if the buffer is not correctly recorded. Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order. This is not easy exploitable because libassuan constructs the
line. However a crash has been reported and thus it might be possible
to constructs an exploit.
CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New.
* src/engine-gpg.c (gpg_keylist_build_options): Handle new mode.
* src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto.
* src/keylist.c (parse_sec_field15): Add arg key and take care of
--with-secret output.
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add
"with_secret". Print card info and and secret flag for subkeys.
--
Note: This mode may only be used with GnuPG >= 2.1.
* src/gpgme.h.in (struct _gpgme_subkey): Add field CURVE.
* src/key.c (gpgme_key_unref): Free CURVE.
* src/keylist.c (keylist_colon_handler): Set CURVE.
* src/gpgme.c (gpgme_release): For failsafe reasons reset engine and
engine info after freeing.
--
The engine hack is useful in case the other release functions
accidently call engine release.
* src/engine-spawn.c (engspawn_start): Allocate space for list
terminator.
* src/posix-util.c (walk_path): Fix trailing slash detection.
--
Kudos to Valgrind for pointing out these two problems.
The first is a plain allocation bug in a code pattern I have written
thousands of times - this time it went wrong. The allocation is not
user controlled thus not directly exploitable.
The second is missed to do what it intended to do. Found due to the
access of malloced but not initialized memory. Not using calloc
again proved to be helpful to detect logical error.
* src/w32-io.c (create_writer): Free CTX in cased of bad FD.
* src/w32-util.c (_gpgme_mkstemp): Free TMPNAME in case of a failed
mkstemp.
--
Found by Hans-Christoph Steiner with cppcheck.
* src/spawn.c (gpgme_op_spawn_start, gpgme_op_spawn): Pass FLAGS dow
to spawn_start and add FLAGS args along the call path.
* src/engine-spawn.c (engspawn_start): Hack to automagically provide
argv[0].
* src/posix-io.c (_gpgme_io_spawn): dup /dev/null also to unsued
stdout.
--
Better be sure that stdout of a spawned process is connected to stdout
so that the process does not run into a write error if it writes to
stdout. AFAICS we always use a connected stdout; thus this is only
for correctness.
* configure.ac: Add option --enable-fixed-path.
(FIXED_SEARCH_PATH): New ac_define.
* src/posix-util.c (walk_path): Make use of the option. Remove
current directory from fallback PATH.
--
Note that using this option PATH is entirely ignored by GPGME and only
the given value is used instead to locate the GnuPG binaries.
On Android the use of PATH is not desirable. Instead the GnuPG tools
are expected in a fixed directory. By using
./configure --enable-fixed-path="/foo/bar"
gpg et al are expected to be installed as /foo/bar/gpg. With
./configure --enable-fixed-path="/foo/bar:/bin"
gpg is expected as /foo/bar/gpg or /bin/gpg.
* gpgme.texi (Key Management): Document is_cardkey and card_number
members of gpgme_subkey_t.
(Decrypt): Remove description of the non-existent wrong_key_usage
member of gpgme_recipient_t.
(Verify): Document pka_address member of gpgme_signature_t.
(Creating a Signature): Add missing member names in
gpgme_new_signature_t.
(Registering I/O Callbacks): Fix reference of gpgme_io_cbs struct.
* src/dirinfo.c (WANT_GPG_ONE_MODE): New.
(struct dirinfo): Add field "gpg_one_mode".
(get_gpgconf_item): Set that field and return it if requested.
(_gpgme_in_gpg_one_mode): New.
* src/engine-gpg.c (build_argv): Check GPG_AGENT_INFO only in gpg-1
mode.
* src/dirinfo.c (_gpgme_get_basename): New.
* src/engine-g13.c (g13_new): Take argv[0] from the pgmname.
* src/engine-gpgsm.c (gpgsm_new): Ditto.
* src/engine-gpg.c (build_argv): Ditto. Add arg PGMNAME.
(start): Pass PGMNAME to buildargv.
