You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2011/07/25 22:07:30 UTC
svn commit: r1150875 -
/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Author: stsp
Date: Mon Jul 25 20:07:30 2011
New Revision: 1150875
URL: http://svn.apache.org/viewvc?rev=1150875&view=rev
Log:
* subversion/libsvn_auth_gpg_agent/gpg_agent.c
(password_get_gpg_agent): Verify that the agent shares our idea about
which socket we used to connect to the agent. The GPG-Agent documentation
says that clients should refuse to connect to an agent with a socket
name that differs from the client's configuration.
Modified:
subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Modified: subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150875&r1=1150874&r2=1150875&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c (original)
+++ subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c Mon Jul 25 20:07:30 2011
@@ -136,7 +136,7 @@ password_get_gpg_agent(const char **pass
char *buffer;
apr_array_header_t *socket_details;
- char *request = NULL;
+ const char *request = NULL;
const char *cache_id = NULL;
struct sockaddr_un addr;
const char *tty_name;
@@ -191,6 +191,47 @@ password_get_gpg_agent(const char **pass
return FALSE;
}
+ /* The GPG-Agent documentation says:
+ * "Clients should deny to access an agent with a socket name which does
+ * not match its own configuration". */
+ request = "GETINFO socket_name\n";
+ if (write(sd, request, strlen(request)) == -1)
+ {
+ close(sd);
+ return FALSE;
+ }
+ if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
+ {
+ close(sd);
+ return FALSE;
+ }
+ if (strncmp(buffer, "D", 1) == 0)
+ p = &buffer[2];
+ if (!p)
+ {
+ close(sd);
+ return FALSE;
+ }
+ ep = strchr(p, '\n');
+ if (ep != NULL)
+ *ep = '\0';
+ if (strcmp(socket_name, p) != 0)
+ {
+ close(sd);
+ return FALSE;
+ }
+ /* The agent will terminate its reponse with "OK". */
+ if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
+ {
+ close(sd);
+ return FALSE;
+ }
+ if (strncmp(buffer, "OK", 2) != 0)
+ {
+ close(sd);
+ return FALSE;
+ }
+
/* Send TTY_NAME to the gpg-agent daemon. */
tty_name = getenv("GPG_TTY");
if (tty_name != NULL)
Re: svn commit: r1150875 -
/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Posted by Stefan Sperling <st...@elego.de>.
On Mon, Jul 25, 2011 at 11:20:47PM +0300, Daniel Shahaf wrote:
> This function uses p in two places now, don't you need to re-initialize
> it to NULL before the second usage?
Quite right. r1150884, thanks!
Re: svn commit: r1150875 -
/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
This function uses p in two places now, don't you need to re-initialize
it to NULL before the second usage?
stsp@apache.org wrote on Mon, Jul 25, 2011 at 20:07:30 -0000:
> Author: stsp
> Date: Mon Jul 25 20:07:30 2011
> New Revision: 1150875
>
> URL: http://svn.apache.org/viewvc?rev=1150875&view=rev
> Log:
> * subversion/libsvn_auth_gpg_agent/gpg_agent.c
> (password_get_gpg_agent): Verify that the agent shares our idea about
> which socket we used to connect to the agent. The GPG-Agent documentation
> says that clients should refuse to connect to an agent with a socket
> name that differs from the client's configuration.
>
> Modified:
> subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
>
> Modified: subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150875&r1=1150874&r2=1150875&view=diff
> ==============================================================================
> --- subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c (original)
> +++ subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c Mon Jul 25 20:07:30 2011
> @@ -136,7 +136,7 @@ password_get_gpg_agent(const char **pass
> char *buffer;
>
> apr_array_header_t *socket_details;
> - char *request = NULL;
> + const char *request = NULL;
> const char *cache_id = NULL;
> struct sockaddr_un addr;
> const char *tty_name;
> @@ -191,6 +191,47 @@ password_get_gpg_agent(const char **pass
> return FALSE;
> }
>
> + /* The GPG-Agent documentation says:
> + * "Clients should deny to access an agent with a socket name which does
> + * not match its own configuration". */
> + request = "GETINFO socket_name\n";
> + if (write(sd, request, strlen(request)) == -1)
> + {
> + close(sd);
> + return FALSE;
> + }
> + if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
> + {
> + close(sd);
> + return FALSE;
> + }
> + if (strncmp(buffer, "D", 1) == 0)
> + p = &buffer[2];
> + if (!p)
> + {
> + close(sd);
> + return FALSE;
> + }
> + ep = strchr(p, '\n');
> + if (ep != NULL)
> + *ep = '\0';
> + if (strcmp(socket_name, p) != 0)
> + {
> + close(sd);
> + return FALSE;
> + }
> + /* The agent will terminate its reponse with "OK". */
> + if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
> + {
> + close(sd);
> + return FALSE;
> + }
> + if (strncmp(buffer, "OK", 2) != 0)
> + {
> + close(sd);
> + return FALSE;
> + }
> +
> /* Send TTY_NAME to the gpg-agent daemon. */
> tty_name = getenv("GPG_TTY");
> if (tty_name != NULL)
>
>
Re: svn commit: r1150875 -
/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
This function uses p in two places now, don't you need to re-initialize
it to NULL before the second usage?
stsp@apache.org wrote on Mon, Jul 25, 2011 at 20:07:30 -0000:
> Author: stsp
> Date: Mon Jul 25 20:07:30 2011
> New Revision: 1150875
>
> URL: http://svn.apache.org/viewvc?rev=1150875&view=rev
> Log:
> * subversion/libsvn_auth_gpg_agent/gpg_agent.c
> (password_get_gpg_agent): Verify that the agent shares our idea about
> which socket we used to connect to the agent. The GPG-Agent documentation
> says that clients should refuse to connect to an agent with a socket
> name that differs from the client's configuration.
>
> Modified:
> subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
>
> Modified: subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150875&r1=1150874&r2=1150875&view=diff
> ==============================================================================
> --- subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c (original)
> +++ subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c Mon Jul 25 20:07:30 2011
> @@ -136,7 +136,7 @@ password_get_gpg_agent(const char **pass
> char *buffer;
>
> apr_array_header_t *socket_details;
> - char *request = NULL;
> + const char *request = NULL;
> const char *cache_id = NULL;
> struct sockaddr_un addr;
> const char *tty_name;
> @@ -191,6 +191,47 @@ password_get_gpg_agent(const char **pass
> return FALSE;
> }
>
> + /* The GPG-Agent documentation says:
> + * "Clients should deny to access an agent with a socket name which does
> + * not match its own configuration". */
> + request = "GETINFO socket_name\n";
> + if (write(sd, request, strlen(request)) == -1)
> + {
> + close(sd);
> + return FALSE;
> + }
> + if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
> + {
> + close(sd);
> + return FALSE;
> + }
> + if (strncmp(buffer, "D", 1) == 0)
> + p = &buffer[2];
> + if (!p)
> + {
> + close(sd);
> + return FALSE;
> + }
> + ep = strchr(p, '\n');
> + if (ep != NULL)
> + *ep = '\0';
> + if (strcmp(socket_name, p) != 0)
> + {
> + close(sd);
> + return FALSE;
> + }
> + /* The agent will terminate its reponse with "OK". */
> + if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
> + {
> + close(sd);
> + return FALSE;
> + }
> + if (strncmp(buffer, "OK", 2) != 0)
> + {
> + close(sd);
> + return FALSE;
> + }
> +
> /* Send TTY_NAME to the gpg-agent daemon. */
> tty_name = getenv("GPG_TTY");
> if (tty_name != NULL)
>
>