core: Do not leak the override session key to ps(1).

* src/engine-gpg.c (struct engine_gpg): New field override_session_key. (gpg_release): Free that field. (gpg_decrypt): With gnupg 2.1.16 use --override-session-key-fd. * tests/run-decrypt.c (main): Fix setting over the override key. -- Note that this works only with gnupg 2.1.16 and later. Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2016-11-16 09:12:19 +0000
committer: Werner Koch <[email protected]> 2016-11-16 09:15:31 +0000
commit: 9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8 (patch)
tree: 74981725e9d4761ca6cb9c497e5af2241e0ae2e9 /src
parent: doc,tests: Require use of ctx_flag before use of session_key. (diff)
download: gpgme-9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8.tar.gz
gpgme-9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8.zip
1 files changed, 29 insertions, 3 deletions
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 21ed5bc3..7afeb5ce 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -139,6 +139,9 @@ struct engine_gpg
 
   struct gpgme_io_cbs io_cbs;
   gpgme_pinentry_mode_t pinentry_mode;
+
+  /* NULL or the data object fed to --override_session_key-fd.  */
+  gpgme_data_t override_session_key;
 };
 
 typedef struct engine_gpg *engine_gpg_t;
@@ -441,6 +444,8 @@ gpg_release (void *engine)
   if (gpg->cmd.keyword)
     free (gpg->cmd.keyword);
 
+  gpgme_data_release (gpg->override_session_key);
+
   free (gpg);
 }
 
@@ -1563,9 +1568,30 @@ gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain,
 
   if (!err && override_session_key && *override_session_key)
     {
-      err = add_arg (gpg, "--override-session-key");
-      if (!err)
-        err = add_arg (gpg, override_session_key);
+      if (have_gpg_version (gpg, "2.1.16"))
+        {
+          gpgme_data_release (gpg->override_session_key);
+          TRACE2 (DEBUG_ENGINE, "override", gpg, "seskey='%s' len=%zu\n",
+                  override_session_key,
+                  strlen (override_session_key));
+
+          err = gpgme_data_new_from_mem (&gpg->override_session_key,
+                                         override_session_key,
+                                         strlen (override_session_key), 1);
+          if (!err)
+            {
+              err = add_arg (gpg, "--override-session-key-fd");
+              if (!err)
+                err = add_data (gpg, gpg->override_session_key, -2, 0);
+            }
+        }
+      else
+        {
+          /* Using that option may leak the session key via ps(1).  */
+          err = add_arg (gpg, "--override-session-key");
+          if (!err)
+            err = add_arg (gpg, override_session_key);
+        }
     }
 
   /* Tell the gpg object about the data.  */
author	Werner Koch <[email protected]>	2016-11-16 09:12:19 +0000
committer	Werner Koch <[email protected]>	2016-11-16 09:15:31 +0000
commit	9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8 (patch)
tree	74981725e9d4761ca6cb9c497e5af2241e0ae2e9 /src
parent	doc,tests: Require use of ctx_flag before use of session_key. (diff)
download	gpgme-9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8.tar.gz gpgme-9fc92a15bd0a30437a39d0eb28b6f40edc22e6e8.zip