path: root/extra/gnome-keyring/gpg-agent-fix-encoding.patch
blob: e6a7412b3bf450c196d91d14fecd6e728f3648d0 (plain)
From d31a26df7ce8d9c084b9c66fe00458683dde9864 Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@gnome.org>
Date: Thu, 28 Jun 2012 15:51:54 +0200
Subject: [PATCH] gpg-agent: Encode passwords when --data was requested

 * Use URI encoding to return passwords when gnupg calls us with
   a --data argument.

https://bugzilla.gnome.org/show_bug.cgi?id=678771
---
 daemon/gpg-agent/gkd-gpg-agent-ops.c |   41 ++++++++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 4 deletions(-)

diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c
index be6c4d3..a1a21ff 100644
--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c
+++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c
@@ -632,11 +632,12 @@ command_has_option (gchar *command, gchar *option)
 	return has_option;
 }
 
+static const char HEXC[] = "0123456789abcdef";
+
 /* Encode a password in hex */
 static gchar*
-encode_password (const gchar *pass)
+hex_encode_password (const gchar *pass)
 {
-	static const char HEXC[] = "0123456789abcdef";
 	int j, c;
 	gchar *enc, *k;
 
@@ -656,6 +657,36 @@ encode_password (const gchar *pass)
 	return enc;
 }
 
+static gchar*
+uri_encode_password (const gchar *value)
+{
+	gchar *p;
+	gchar *result;
+
+	/* Just allocate for worst case */
+	result = egg_secure_alloc ((strlen (value) * 3) + 1);
+
+	/* Now loop through looking for escapes */
+	p = result;
+	while (*value) {
+
+		/* These characters we let through verbatim */
+		if (*value && (g_ascii_isalnum (*value) || strchr ("_-.", *value) != NULL)) {
+			*(p++) = *(value++);
+
+		/* All others get encoded */
+		} else {
+			*(p++) = '%';
+			*(p++) = HEXC[((unsigned char)*value) >> 4];
+			*(p++) = HEXC[((unsigned char)*value) & 0x0F];
+			++value;
+		}
+	}
+
+	*p = 0;
+	return result;
+}
+
 /* ----------------------------------------------------------------------------------
  * OPERATIONS
  */
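Review bot: `uri_encode_password` has no header comment, unlike `hex_encode_password` just above it, so nothing tells a caller that the returned string lives in secure memory and must be released with `egg_secure_strfree`, as the call site in `gkd_gpg_agent_ops_getpass` does. I would add `/* Percent-encode a password for a --data reply; result is in secure memory, free with egg_secure_strfree() */` above the function. The `*value &&` test in the verbatim branch is redundant inside `while (*value)` and can be dropped. The result of `egg_secure_alloc` is written through without a check; its definition is not in this diff, so if it can return NULL a guard before `p = result` is needed.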
@@ -737,10 +768,12 @@ gkd_gpg_agent_ops_getpass (GkdGpgAgentCall *call, gchar *args)
 	if (password == NULL) {
 		gkd_gpg_agent_send_reply (call, FALSE, "111 cancelled");
 	} else if (flags & GKD_GPG_AGENT_PASS_AS_DATA) {
-		gkd_gpg_agent_send_data (call, password);
+		encoded = uri_encode_password (password);
+		gkd_gpg_agent_send_data (call, encoded);
 		gkd_gpg_agent_send_reply (call, TRUE, NULL);
+		egg_secure_strfree (encoded);
 	} else {
-		encoded = encode_password (password);
+		encoded = hex_encode_password (password);
 		gkd_gpg_agent_send_reply (call, TRUE, encoded);
 		egg_secure_strfree (encoded);
 	}
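Review bot: The `--data` branch now sends a string up to three times the password length, since `uri_encode_password` sizes its buffer as `strlen (value) * 3 + 1`. Whether `gkd_gpg_agent_send_data` bounds or splits a long payload is not visible in this hunk, so it is worth confirming that a long passphrase made mostly of escaped characters still yields a valid reply. A one-line comment on the branch would also help the next reader, e.g. `/* data replies are percent-encoded; the plain reply below carries hex */`. The body of `gkd_gpg_agent_ops_getpass` starts and ends outside the hunk.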
-- 
1.7.10.2