From a9b28c79e92f6194ea52c7d33213f2a0dc9bd013 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Fri, 28 Jul 2023 16:15:12 +0200
Subject: core: Prevent wrong plaintext when verifying clearsigned signature

* src/engine-gpg.c (gpg_verify): Use a separate pipe instead of stdout
for reading the plaintext.

* tests/gpg/t-support.h (PGM): Define if undefined.
(print_data): Undefine BUF_SIZE.
(check_data): New.
* tests/gpg/t-verify.c (clearsigned_plus_key_block): New.
(main): Add test.
--

Reading the plaintext from stdout is a bad idea because gpg can also
print other stuff on stdout, e.g. the keys contained in a public key
block. This is fixed by reading the plaintext via a special pipe.

GnuPG-bug-id: 6622
---
 src/engine-gpg.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'src/engine-gpg.c')

diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 355d42fd..4314938e 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -3726,15 +3726,13 @@ gpg_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig,
       /* Normal or cleartext signature.  */
       err = add_arg (gpg, "--output");
       if (!err)
-	err = add_arg (gpg, "-");
+	err = add_data (gpg, plaintext, -1, 1);
       if (!err)
         err = add_input_size_hint (gpg, sig);
       if (!err)
 	err = add_arg (gpg, "--");
       if (!err)
 	err = add_file_name_arg_or_data (gpg, sig, -1, 0);
-      if (!err)
-	err = add_data (gpg, plaintext, 1, 1);
     }
   else
     {
-- 
cgit v1.2.3