diff options
| author | Werner Koch <[email protected]> | 2023-06-15 14:02:28 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-06-16 09:01:38 +0000 |
| commit | 0fc31770fa6277c57940b774d4049d7a3ad148e8 (patch) | |
| tree | 2e4bc2ec8fd20c736159d0b0f0bbd6e5acfea6b3 | |
| parent | build: Fix listing m4 files. (diff) | |
| download | libassuan-0fc31770fa6277c57940b774d4049d7a3ad148e8.tar.gz libassuan-0fc31770fa6277c57940b774d4049d7a3ad148e8.zip | |
Flush data before clearing the confidential flag.
* src/context.c (assuan_end_confidential): Flush data.
--
This is required so that for example gpg-agent won't reveal a password
in a log file if requested via
get_passphrase --data X X X X
(Note that --data is required in any case because the default of
returing it with the OK line can't be secured).
| -rw-r--r-- | src/context.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/context.c b/src/context.c index 82166bb..01323f2 100644 --- a/src/context.c +++ b/src/context.c @@ -147,10 +147,12 @@ assuan_begin_confidential (assuan_context_t ctx) } -/* Same as assuan_set_flag (ctx, ASSUAN_CONFIDENTIAL, 0). */ +/* Same as assuan_set_flag (ctx, ASSUAN_CONFIDENTIAL, 0) but first + * flushes pending data. */ void assuan_end_confidential (assuan_context_t ctx) { + _assuan_cookie_write_flush (ctx); assuan_set_flag (ctx, ASSUAN_CONFIDENTIAL, 0); } |