core: Prevent wrong plaintext when verifying clearsigned signature

* src/engine-gpg.c (gpg_verify): Use a separate pipe instead of stdout
for reading the plaintext.

* tests/gpg/t-support.h (PGM): Define if undefined.
(print_data): Undefine BUF_SIZE.
(check_data): New.
* tests/gpg/t-verify.c (clearsigned_plus_key_block): New.
(main): Add test.
--

Reading the plaintext from stdout is a bad idea because gpg can also
print other stuff on stdout, e.g. the keys contained in a public key
block. This is fixed by reading the plaintext via a special pipe.

GnuPG-bug-id: 6622

1 files changed, 1 insertions, 3 deletions

diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 355d42fd..4314938e 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -3726,15 +3726,13 @@ gpg_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig,
       /* Normal or cleartext signature.  */
       err = add_arg (gpg, "--output");
       if (!err)
-	err = add_arg (gpg, "-");
+	err = add_data (gpg, plaintext, -1, 1);
       if (!err)
         err = add_input_size_hint (gpg, sig);
       if (!err)
 	err = add_arg (gpg, "--");
       if (!err)
 	err = add_file_name_arg_or_data (gpg, sig, -1, 0);
-      if (!err)
-	err = add_data (gpg, plaintext, 1, 1);
     }
   else
     {