You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Daniel Shahaf <d....@daniel.shahaf.name> on 2011/07/25 22:20:47 UTC

Re: svn commit: r1150875 - /subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c

This function uses p in two places now, don't you need to re-initialize
it to NULL before the second usage?

stsp@apache.org wrote on Mon, Jul 25, 2011 at 20:07:30 -0000:
> Author: stsp
> Date: Mon Jul 25 20:07:30 2011
> New Revision: 1150875
> 
> URL: http://svn.apache.org/viewvc?rev=1150875&view=rev
> Log:
> * subversion/libsvn_auth_gpg_agent/gpg_agent.c
>   (password_get_gpg_agent): Verify that the agent shares our idea about
>    which socket we used to connect to the agent. The GPG-Agent documentation
>    says that clients should refuse to connect to an agent with a socket
>    name that differs from the client's configuration.
> 
> Modified:
>     subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> 
> Modified: subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150875&r1=1150874&r2=1150875&view=diff
> ==============================================================================
> --- subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c (original)
> +++ subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c Mon Jul 25 20:07:30 2011
> @@ -136,7 +136,7 @@ password_get_gpg_agent(const char **pass
>    char *buffer;
>    
>    apr_array_header_t *socket_details;
> -  char *request = NULL;
> +  const char *request = NULL;
>    const char *cache_id = NULL;
>    struct sockaddr_un addr;
>    const char *tty_name;
> @@ -191,6 +191,47 @@ password_get_gpg_agent(const char **pass
>        return FALSE;
>      }
>  
> +  /* The GPG-Agent documentation says:
> +   *  "Clients should deny to access an agent with a socket name which does
> +   *   not match its own configuration". */
> +  request = "GETINFO socket_name\n";
> +  if (write(sd, request, strlen(request)) == -1)
> +    {
> +      close(sd);
> +      return FALSE;
> +    }
> +  if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
> +    {
> +      close(sd);
> +      return FALSE;
> +    }
> +  if (strncmp(buffer, "D", 1) == 0)
> +    p = &buffer[2];
> +  if (!p)
> +    {
> +      close(sd);
> +      return FALSE;
> +    }
> +  ep = strchr(p, '\n');
> +  if (ep != NULL)
> +    *ep = '\0';
> +  if (strcmp(socket_name, p) != 0)
> +    {
> +      close(sd);
> +      return FALSE;
> +    }
> +  /* The agent will terminate its reponse with "OK". */
> +  if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
> +    {
> +      close(sd);
> +      return FALSE;
> +    }
> +  if (strncmp(buffer, "OK", 2) != 0)
> +    {
> +      close(sd);
> +      return FALSE;
> +    }
> +
>    /* Send TTY_NAME to the gpg-agent daemon. */
>    tty_name = getenv("GPG_TTY");
>    if (tty_name != NULL)
> 
>

Re: svn commit: r1150875 - /subversion/trunk/subversion/libsvn_auth_gpg_agent/gpg_agent.c

Posted by Stefan Sperling <st...@elego.de>.

On Mon, Jul 25, 2011 at 11:20:47PM +0300, Daniel Shahaf wrote:
> This function uses p in two places now, don't you need to re-initialize
> it to NULL before the second usage?

Quite right. r1150884, thanks!