* options.h, g10.c (main), plaintext.c (handle_plaintext): Add

--max-output option to help people deal with decompression bombs.
author: David Shaw <[email protected]> 2004-02-18 23:09:27 +0000
committer: David Shaw <[email protected]> 2004-02-18 23:09:27 +0000
commit: 6c13b96a1dd639d1f90f1c5f9aa13eca2f8f405a (patch)
tree: 9592c192312c2b486c3de3f39426aeb4fe0cde80 /g10/plaintext.c
parent: * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER (diff)
download: gnupg-6c13b96a1dd639d1f90f1c5f9aa13eca2f8f405a.tar.gz
gnupg-6c13b96a1dd639d1f90f1c5f9aa13eca2f8f405a.zip
1 files changed, 69 insertions, 21 deletions
diff --git a/g10/plaintext.c b/g10/plaintext.c
index 6aad0ef5a..e057d3fae 100644
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
+#include <sys/types.h>
 #ifdef HAVE_DOSISH_SYSTEM
 #include <fcntl.h> /* for setmode() */
 #endif
@@ -52,6 +53,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 {
     char *fname = NULL;
     FILE *fp = NULL;
+    off_t count=0;
     int rc = 0;
     int c;
     int convert = pt->mode == 't';
@@ -164,14 +166,23 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 		if( c == '\r' )  /* convert to native line ending */
 		    continue;	 /* fixme: this hack might be too simple */
 #endif
-		if( fp ) {
-		    if( putc( c, fp ) == EOF ) {
+		if( fp )
+		  {
+		    if((count++)>opt.max_output)
+		      {
+			log_error("Error writing to `%s': %s\n",
+				  fname,"exceeded --max-output limit\n");
+			rc = G10ERR_WRITE_FILE;
+			goto leave;
+		      }
+		    else if( putc( c, fp ) == EOF )
+		      {
 			log_error("Error writing to `%s': %s\n",
 				  fname, strerror(errno) );
 			rc = G10ERR_WRITE_FILE;
 			goto leave;
-		    }
-		}
+		      }
+		  }
 	    }
 	}
 	else { /* binary mode */
@@ -188,15 +199,25 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 		}
 		if( mfx->md )
 		    md_write( mfx->md, buffer, len );
-		if( fp ) {
-		    if( fwrite( buffer, 1, len, fp ) != len ) {
+		if( fp )
+		  {
+		    if((count+=len)>opt.max_output)
+		      {
+			log_error("Error writing to `%s': %s\n",
+				  fname,"exceeded --max-output limit\n");
+			rc = G10ERR_WRITE_FILE;
+			m_free( buffer );
+			goto leave;
+		      }
+		    else if( fwrite( buffer, 1, len, fp ) != len )
+		      {
 			log_error("Error writing to `%s': %s\n",
 				  fname, strerror(errno) );
 			rc = G10ERR_WRITE_FILE;
 			m_free( buffer );
 			goto leave;
-		    }
-		}
+		      }
+		  }
 		pt->len -= len;
 	    }
 	    m_free( buffer );
@@ -211,14 +232,23 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 		if( convert && c == '\r' )
 		    continue; /* fixme: this hack might be too simple */
 #endif
-		if( fp ) {
-		    if( putc( c, fp ) == EOF ) {
+		if( fp )
+		  {
+		    if((count++)>opt.max_output)
+		      {
+			log_error("Error writing to `%s': %s\n",
+				  fname,"exceeded --max-output limit\n");
+			rc = G10ERR_WRITE_FILE;
+			goto leave;
+		      }
+		    else if( putc( c, fp ) == EOF )
+		      {
 			log_error("Error writing to `%s': %s\n",
 				  fname, strerror(errno) );
 			rc = G10ERR_WRITE_FILE;
 			goto leave;
-		    }
-		}
+		      }
+		  }
 	    }
 	}
 	else { /* binary mode */
@@ -238,15 +268,24 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 		    eof = 1;
 		if( mfx->md )
 		    md_write( mfx->md, buffer, len );
-		if( fp ) {
-		    if( fwrite( buffer, 1, len, fp ) != len ) {
+		if( fp )
+		  {
+		    if((count+=len)>opt.max_output)
+		      {
 			log_error("Error writing to `%s': %s\n",
-				  fname, strerror(errno) );
+				  fname,"exceeded --max-output limit\n");
 			rc = G10ERR_WRITE_FILE;
 			m_free( buffer );
 			goto leave;
+		      }
+		    else if( fwrite( buffer, 1, len, fp ) != len ) {
+		      log_error("Error writing to `%s': %s\n",
+				fname, strerror(errno) );
+		      rc = G10ERR_WRITE_FILE;
+		      m_free( buffer );
+		      goto leave;
 		    }
-		}
+		  }
 	    }
 	    m_free( buffer );
 	}
@@ -256,14 +295,23 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 	int state = 0;
 
 	while( (c = iobuf_get(pt->buf)) != -1 ) {
-	    if( fp ) {
-		if( putc( c, fp ) == EOF ) {
+	    if( fp )
+	      {
+		if((count++)>opt.max_output)
+		  {
 		    log_error("Error writing to `%s': %s\n",
-						fname, strerror(errno) );
+			      fname,"exceeded --max-output limit\n");
 		    rc = G10ERR_WRITE_FILE;
 		    goto leave;
-		}
-	    }
+		  }
+		else if( putc( c, fp ) == EOF )
+		  {
+		    log_error("Error writing to `%s': %s\n",
+			      fname, strerror(errno) );
+		    rc = G10ERR_WRITE_FILE;
+		    goto leave;
+		  }
+	      }
 	    if( !mfx->md )
 		continue;
 	    if( state == 2 ) {
author	David Shaw <[email protected]>	2004-02-18 23:09:27 +0000
committer	David Shaw <[email protected]>	2004-02-18 23:09:27 +0000
commit	6c13b96a1dd639d1f90f1c5f9aa13eca2f8f405a (patch)
tree	9592c192312c2b486c3de3f39426aeb4fe0cde80 /g10/plaintext.c
parent	* gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER (diff)
download	gnupg-6c13b96a1dd639d1f90f1c5f9aa13eca2f8f405a.tar.gz gnupg-6c13b96a1dd639d1f90f1c5f9aa13eca2f8f405a.zip