From d31a26df7ce8d9c084b9c66fe00458683dde9864 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 28 Jun 2012 15:51:54 +0200 Subject: [PATCH] gpg-agent: Encode passwords when --data was requested * Use URI encoding to return passwords when gnupg calls us with a --data argument. https://bugzilla.gnome.org/show_bug.cgi?id=678771 --- daemon/gpg-agent/gkd-gpg-agent-ops.c | 41 ++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c index be6c4d3..a1a21ff 100644 --- a/daemon/gpg-agent/gkd-gpg-agent-ops.c +++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c @@ -632,11 +632,12 @@ command_has_option (gchar *command, gchar *option) return has_option; } +static const char HEXC[] = "0123456789abcdef"; + /* Encode a password in hex */ static gchar* -encode_password (const gchar *pass) +hex_encode_password (const gchar *pass) { - static const char HEXC[] = "0123456789abcdef"; int j, c; gchar *enc, *k; @@ -656,6 +657,36 @@ encode_password (const gchar *pass) return enc; } +static gchar* +uri_encode_password (const gchar *value) +{ + gchar *p; + gchar *result; + + /* Just allocate for worst case */ + result = egg_secure_alloc ((strlen (value) * 3) + 1); + + /* Now loop through looking for escapes */ + p = result; + while (*value) { + + /* These characters we let through verbatim */ + if (*value && (g_ascii_isalnum (*value) || strchr ("_-.", *value) != NULL)) { + *(p++) = *(value++); + + /* All others get encoded */ + } else { + *(p++) = '%'; + *(p++) = HEXC[((unsigned char)*value) >> 4]; + *(p++) = HEXC[((unsigned char)*value) & 0x0F]; + ++value; + } + } + + *p = 0; + return result; +} + /* ---------------------------------------------------------------------------------- * OPERATIONS */ @@ -737,10 +768,12 @@ gkd_gpg_agent_ops_getpass (GkdGpgAgentCall *call, gchar *args) if (password == NULL) { gkd_gpg_agent_send_reply (call, FALSE, "111 cancelled"); } else if (flags & GKD_GPG_AGENT_PASS_AS_DATA) { - gkd_gpg_agent_send_data (call, password); + encoded = uri_encode_password (password); + gkd_gpg_agent_send_data (call, encoded); gkd_gpg_agent_send_reply (call, TRUE, NULL); + egg_secure_strfree (encoded); } else { - encoded = encode_password (password); + encoded = hex_encode_password (password); gkd_gpg_agent_send_reply (call, TRUE, encoded); egg_secure_strfree (encoded); } -- 1.7.10.2