Flush data before clearing the confidential flag.

* src/context.c (assuan_end_confidential): Flush data. -- This is required so that for example gpg-agent won't reveal a password in a log file if requested via get_passphrase --data X X X X (Note that --data is required in any case because the default of returing it with the OK line can't be secured).
author: Werner Koch <[email protected]> 2023-06-15 14:02:28 +0000
committer: Werner Koch <[email protected]> 2023-06-15 14:02:40 +0000
commit: 049b8001f163ebae1a44056989f06f489c59349d (patch)
tree: b3a650fdfe4664143a6cf390bad43ccd8e0cde21 /src/context.c
parent: w32: Fix closing for non-socket HANDLE. (diff)
download: libassuan-049b8001f163ebae1a44056989f06f489c59349d.tar.gz
libassuan-049b8001f163ebae1a44056989f06f489c59349d.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/context.c b/src/context.c
index e41b60b..78b4eb5 100644
--- a/src/context.c
+++ b/src/context.c
@@ -149,10 +149,12 @@ assuan_begin_confidential (assuan_context_t ctx)
 }
 
 
-/* Same as assuan_set_flag (ctx, ASSUAN_CONFIDENTIAL, 0).  */
+/* Same as assuan_set_flag (ctx, ASSUAN_CONFIDENTIAL, 0) but first
+ * flushes pending data.  */
 void
 assuan_end_confidential (assuan_context_t ctx)
 {
+  _assuan_cookie_write_flush (ctx);
   assuan_set_flag (ctx, ASSUAN_CONFIDENTIAL, 0);
 }
author	Werner Koch <[email protected]>	2023-06-15 14:02:28 +0000
committer	Werner Koch <[email protected]>	2023-06-15 14:02:40 +0000
commit	049b8001f163ebae1a44056989f06f489c59349d (patch)
tree	b3a650fdfe4664143a6cf390bad43ccd8e0cde21 /src/context.c
parent	w32: Fix closing for non-socket HANDLE. (diff)
download	libassuan-049b8001f163ebae1a44056989f06f489c59349d.tar.gz libassuan-049b8001f163ebae1a44056989f06f489c59349d.zip