diff options
| author | Werner Koch <[email protected]> | 2018-06-06 13:46:24 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-06-06 13:46:34 +0000 |
| commit | 344b548dc71657d0285d93f78f17a2663b5e586f (patch) | |
| tree | 6914e4308f78961eaa9d06373ed1d624a2a75ef7 | |
| parent | gpg: New command --show-keys. (diff) | |
| download | gnupg-344b548dc71657d0285d93f78f17a2663b5e586f.tar.gz gnupg-344b548dc71657d0285d93f78f17a2663b5e586f.zip | |
gpg: Also detect a plaintext packet before an encrypted packet.
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--
Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line. We fail only later to get more information. Callers
need to check and act upon the decryption error code anyway.
Thanks to Marcus for pointing out this case.
GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | g10/mainproc.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c index 5689d73a8..d2ceec2fd 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -615,6 +615,14 @@ static void proc_encrypted (CTX c, PACKET *pkt) { int result = 0; + int early_plaintext = literals_seen; + + if (early_plaintext) + { + log_info (_("WARNING: multiple plaintexts seen\n")); + write_status_errcode ("decryption.early_plaintext", GPG_ERR_BAD_DATA); + /* We fail only later so that we can print some more info first. */ + } if (!opt.quiet) { @@ -734,6 +742,10 @@ proc_encrypted (CTX c, PACKET *pkt) if (!result) result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek ); + /* Trigger the deferred error. */ + if (!result && early_plaintext) + result = gpg_error (GPG_ERR_BAD_DATA); + if (result == -1) ; else if (!result |