/src/gnupg/g10/plaintext.c
Line | Count | Source |
1 | | /* plaintext.c - process plaintext packets |
2 | | * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, |
3 | | * 2006, 2009, 2010 Free Software Foundation, Inc. |
4 | | * |
5 | | * This file is part of GnuPG. |
6 | | * |
7 | | * GnuPG is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * GnuPG is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
19 | | */ |
20 | | |
21 | | #include <config.h> |
22 | | #include <stdio.h> |
23 | | #include <stdlib.h> |
24 | | #include <string.h> |
25 | | #include <errno.h> |
26 | | #include <sys/types.h> |
27 | | #ifdef HAVE_DOSISH_SYSTEM |
28 | | # include <fcntl.h> /* for setmode() */ |
29 | | #endif |
30 | | |
31 | | #include "gpg.h" |
32 | | #include "../common/util.h" |
33 | | #include "options.h" |
34 | | #include "packet.h" |
35 | | #include "../common/ttyio.h" |
36 | | #include "filter.h" |
37 | | #include "main.h" |
38 | | #include "../common/status.h" |
39 | | #include "../common/i18n.h" |
40 | | |
41 | | |
42 | | /* Get the output filename. On success, the actual filename that is |
43 | | used is set in *FNAMEP and a filepointer is returned in *FP. |
44 | | |
45 | | EMBEDDED_NAME AND EMBEDDED_NAMELEN are normally stored in a |
46 | | plaintext packet. EMBEDDED_NAMELEN should not include any NUL |
47 | | terminator (EMBEDDED_NAME does not need to be NUL terminated). |
48 | | |
49 | | DATA is the iobuf containing the input data. We just use it to get |
50 | | the input file's filename. |
51 | | |
52 | | On success, the caller is responsible for calling xfree on *FNAMEP |
53 | | and calling es_close on *FPP. */ |
54 | | static gpg_error_t |
55 | | get_output_file (const byte *embedded_name, int embedded_namelen, |
56 | | iobuf_t data, struct pfg *pfg) |
57 | 1 | { |
58 | 1 | gpg_error_t err = 0; |
59 | 1 | char *fname = NULL; |
60 | 1 | char *fname_part = NULL; |
61 | 1 | estream_t fp = NULL; |
62 | 1 | int nooutput = 0; |
63 | 1 | int using_file = 0; |
64 | | |
65 | | /* Create the filename as C string. */ |
66 | 1 | if (opt.outfp) |
67 | 0 | { |
68 | 0 | fname = xtrystrdup ("[FP]"); |
69 | 0 | if (!fname) |
70 | 0 | { |
71 | 0 | err = gpg_error_from_syserror (); |
72 | 0 | goto leave; |
73 | 0 | } |
74 | 0 | } |
75 | 1 | else if (opt.outfile |
76 | 0 | && !(opt.flags.use_embedded_filename && opt.flags.dummy_outfile)) |
77 | 0 | { |
78 | 0 | fname = xtrystrdup (opt.outfile); |
79 | 0 | if (!fname) |
80 | 0 | { |
81 | 0 | err = gpg_error_from_syserror (); |
82 | 0 | goto leave; |
83 | 0 | } |
84 | 0 | } |
85 | 1 | else if (embedded_namelen == 8 && !memcmp (embedded_name, "_CONSOLE", 8)) |
86 | 0 | { |
87 | 0 | log_info (_("data not saved; use option \"--output\" to save it\n")); |
88 | 0 | nooutput = 1; |
89 | 0 | } |
90 | 1 | else if (!opt.flags.use_embedded_filename) |
91 | 1 | { |
92 | 1 | if (data) |
93 | 1 | fname = make_outfile_name (iobuf_get_real_fname (data)); |
94 | 1 | if (!fname) |
95 | 0 | fname = ask_outfile_name (embedded_name, embedded_namelen); |
96 | 1 | if (!fname) |
97 | 0 | { |
98 | 0 | err = gpg_error (GPG_ERR_GENERAL); /* Can't create file. */ |
99 | 0 | goto leave; |
100 | 0 | } |
101 | 1 | } |
102 | 0 | else |
103 | 0 | fname = utf8_to_native (embedded_name, embedded_namelen, 0); |
104 | | |
105 | 1 | if (nooutput) |
106 | 0 | ; |
107 | 1 | else if (opt.outfp) |
108 | 0 | { |
109 | 0 | fp = opt.outfp; |
110 | 0 | es_set_binary (fp); |
111 | 0 | } |
112 | 1 | else if (iobuf_is_pipe_filename (fname) || !*fname) |
113 | 0 | { |
114 | | /* Special file name, no filename, or "-" given; write to the |
115 | | * file descriptor or to stdout. */ |
116 | 0 | gnupg_fd_t fd; |
117 | 0 | char xname[64]; |
118 | |
|
119 | 0 | fd = gnupg_check_special_filename (fname); |
120 | 0 | if (fd == GNUPG_INVALID_FD) |
121 | 0 | { |
122 | | /* Not a special filename, thus we want stdout. */ |
123 | 0 | fp = es_stdout; |
124 | 0 | es_set_binary (fp); |
125 | 0 | } |
126 | 0 | else if (!(fp = open_stream_nc (fd, "wb"))) |
127 | 0 | { |
128 | 0 | err = gpg_error_from_syserror (); |
129 | 0 | snprintf (xname, sizeof xname, "[fd %d]", FD_DBG (fd)); |
130 | 0 | log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (err)); |
131 | 0 | goto leave; |
132 | 0 | } |
133 | 0 | } |
134 | 1 | else |
135 | 1 | { |
136 | 1 | while (!overwrite_filep (fname)) |
137 | 0 | { |
138 | 0 | char *tmp = ask_outfile_name (NULL, 0); |
139 | 0 | if (!tmp || !*tmp) |
140 | 0 | { |
141 | 0 | xfree (tmp); |
142 | 0 | err = gpg_error (GPG_ERR_EEXIST); |
143 | 0 | goto leave; |
144 | 0 | } |
145 | 0 | xfree (fname); |
146 | 0 | fname = tmp; |
147 | 0 | } |
148 | 1 | } |
149 | | |
150 | 1 | if (fp || nooutput) |
151 | 0 | ; |
152 | 1 | else if (is_secured_filename (fname)) |
153 | 0 | { |
154 | 0 | gpg_err_set_errno (EPERM); |
155 | 0 | err = gpg_error_from_syserror (); |
156 | 0 | log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); |
157 | 0 | goto leave; |
158 | 0 | } |
159 | 1 | else |
160 | 1 | { |
161 | 1 | char *filename; |
162 | | |
163 | 1 | if ((opt.compat_flags & COMPAT_NO_PARTIALFILEGUARD)) |
164 | 0 | filename = fname; |
165 | 1 | else |
166 | 1 | { |
167 | 1 | filename = xstrconcat (fname, ".part", NULL); |
168 | 1 | if (!filename) |
169 | 0 | { |
170 | 0 | err = gpg_error_from_syserror (); |
171 | 0 | log_error ("error building .part filename '%s': %s\n", |
172 | 0 | fname, gpg_strerror (err)); |
173 | 0 | goto leave; |
174 | 0 | } |
175 | 1 | fname_part = filename; |
176 | 1 | } |
177 | | |
178 | 1 | if (!(fp = es_fopen (filename, "wb"))) |
179 | 0 | { |
180 | 0 | err = gpg_error_from_syserror (); |
181 | 0 | log_error (_("error creating '%s': %s\n"), filename, |
182 | 0 | gpg_strerror (err)); |
183 | 0 | goto leave; |
184 | 0 | } |
185 | 1 | using_file = 1; |
186 | 1 | } |
187 | | |
188 | 1 | leave: |
189 | 1 | if (err) |
190 | 0 | { |
191 | 0 | if (fp && fp != es_stdout && fp != opt.outfp) |
192 | 0 | es_fclose (fp); |
193 | 0 | xfree (fname); |
194 | 0 | xfree (fname_part); |
195 | 0 | return err; |
196 | 0 | } |
197 | | |
198 | 1 | pfg->using_file = using_file; |
199 | 1 | pfg->fname_part = fname_part; |
200 | 1 | pfg->fname = fname; |
201 | 1 | pfg->fp = fp; |
202 | 1 | return 0; |
203 | 1 | } |
204 | | |
205 | | |
206 | | gpg_error_t |
207 | | pfg_open_file (const byte *embedded_name, int embedded_namelen, |
208 | | iobuf_t data, struct pfg *pfg) |
209 | 1 | { |
210 | 1 | return get_output_file (embedded_name, embedded_namelen, data, pfg); |
211 | 1 | } |
212 | | |
213 | | void |
214 | | pfg_close_file (struct pfg *pfg, gpg_error_t err) |
215 | 1 | { |
216 | 1 | if (err) |
217 | 0 | { |
218 | 0 | gpgrt_fcancel (pfg->fp); |
219 | 0 | if (pfg->using_file) |
220 | 0 | { |
221 | 0 | const char *fname; |
222 | |
|
223 | 0 | if (pfg->fname_part) |
224 | 0 | fname = pfg->fname_part; |
225 | 0 | else |
226 | 0 | fname = pfg->fname; |
227 | |
|
228 | 0 | if (opt.verbose) |
229 | 0 | log_info (_("Note: partial file '%s' removed\n"), fname); |
230 | |
|
231 | 0 | gnupg_remove (fname); |
232 | 0 | } |
233 | 0 | } |
234 | 1 | else |
235 | 1 | { |
236 | 1 | if (es_fclose (pfg->fp)) |
237 | 0 | { |
238 | 0 | err = gpg_error_from_syserror (); |
239 | 0 | log_error ("error closing '%s': %s\n", |
240 | 0 | pfg->fname_part ? pfg->fname_part : pfg->fname, |
241 | 0 | gpg_strerror (err)); |
242 | 0 | } |
243 | | |
244 | 1 | if (pfg->fname_part) |
245 | 1 | gnupg_register_partial_file (pfg->fname_part, pfg->fname); |
246 | 1 | } |
247 | | |
248 | 1 | xfree (pfg->fname); |
249 | 1 | xfree (pfg->fname_part); |
250 | 1 | } |
251 | | |
252 | | |
253 | | /* Handle a plaintext packet. If MFX is not NULL, update the MDs |
254 | | * Note: We should have used the filter stuff here, but we have to add |
255 | | * some easy mimic to set a read limit, so we calculate only the bytes |
256 | | * from the plaintext. */ |
257 | | int |
258 | | handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx, |
259 | | int nooutput, int clearsig) |
260 | 1 | { |
261 | 1 | char *fname = NULL; |
262 | 1 | estream_t fp = NULL; |
263 | 1 | static off_t count = 0; |
264 | 1 | int err = 0; |
265 | 1 | int c; |
266 | 1 | int convert; |
267 | 1 | struct pfg pfg; |
268 | | |
269 | 1 | if (pt->mode == 't' || pt->mode == 'u' || pt->mode == 'm') |
270 | 0 | convert = pt->mode; |
271 | 1 | else |
272 | 1 | convert = 0; |
273 | | |
274 | | /* Let people know what the plaintext info is. This allows the |
275 | | receiving program to try and do something different based on the |
276 | | format code (say, recode UTF-8 to local). */ |
277 | 1 | if (!nooutput && is_status_enabled ()) |
278 | 0 | { |
279 | 0 | char status[50]; |
280 | | |
281 | | /* Better make sure that stdout has been flushed in case the |
282 | | output will be written to it. This is to make sure that no |
283 | | not-yet-flushed stuff will be written after the plaintext |
284 | | status message. */ |
285 | 0 | es_fflush (es_stdout); |
286 | |
|
287 | 0 | snprintf (status, sizeof status, |
288 | 0 | "%X %lu ", (byte) pt->mode, (ulong) pt->timestamp); |
289 | 0 | write_status_text_and_buffer (STATUS_PLAINTEXT, |
290 | 0 | status, pt->name, pt->namelen, 0); |
291 | |
|
292 | 0 | if (!pt->is_partial) |
293 | 0 | { |
294 | 0 | snprintf (status, sizeof status, "%lu", (ulong) pt->len); |
295 | 0 | write_status_text (STATUS_PLAINTEXT_LENGTH, status); |
296 | 0 | } |
297 | 0 | } |
298 | | |
299 | 1 | if (! nooutput) |
300 | 1 | { |
301 | 1 | err = pfg_open_file (pt->name, pt->namelen, pt->buf, &pfg); |
302 | 1 | if (err) |
303 | 0 | goto leave; |
304 | 1 | fp = pfg.fp; |
305 | 1 | fname = pfg.fname; |
306 | 1 | } |
307 | | |
308 | 1 | if (!pt->is_partial) |
309 | 0 | { |
310 | | /* We have an actual length (which might be zero). */ |
311 | |
|
312 | 0 | if (clearsig) |
313 | 0 | { |
314 | 0 | log_error ("clearsig encountered while not expected\n"); |
315 | 0 | err = gpg_error (GPG_ERR_UNEXPECTED); |
316 | 0 | goto leave; |
317 | 0 | } |
318 | | |
319 | 0 | if (convert) /* Text mode. */ |
320 | 0 | { |
321 | 0 | for (; pt->len; pt->len--) |
322 | 0 | { |
323 | 0 | if ((c = iobuf_get (pt->buf)) == -1) |
324 | 0 | { |
325 | 0 | err = iobuf_error (pt->buf); |
326 | 0 | if (!err) |
327 | 0 | err = gpg_error_from_syserror (); |
328 | 0 | log_error ("problem reading source (%u bytes remaining)\n", |
329 | 0 | (unsigned) pt->len); |
330 | 0 | goto leave; |
331 | 0 | } |
332 | 0 | if (mfx->md) |
333 | 0 | gcry_md_putc (mfx->md, c); |
334 | 0 | #ifndef HAVE_DOSISH_SYSTEM |
335 | | /* Convert to native line ending. */ |
336 | | /* fixme: this hack might be too simple */ |
337 | 0 | if (c == '\r' && convert != 'm') |
338 | 0 | continue; |
339 | 0 | #endif |
340 | 0 | if (fp) |
341 | 0 | { |
342 | 0 | if (opt.max_output && (++count) > opt.max_output) |
343 | 0 | { |
344 | 0 | log_error ("error writing to '%s': %s\n", |
345 | 0 | fname, "exceeded --max-output limit\n"); |
346 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
347 | 0 | goto leave; |
348 | 0 | } |
349 | 0 | else if (es_putc (c, fp) == EOF) |
350 | 0 | { |
351 | 0 | if (es_ferror (fp)) |
352 | 0 | err = gpg_error_from_syserror (); |
353 | 0 | else |
354 | 0 | err = gpg_error (GPG_ERR_EOF); |
355 | 0 | log_error ("error writing to '%s': %s\n", |
356 | 0 | fname, gpg_strerror (err)); |
357 | 0 | goto leave; |
358 | 0 | } |
359 | 0 | } |
360 | 0 | } |
361 | 0 | } |
362 | 0 | else /* Binary mode. */ |
363 | 0 | { |
364 | 0 | size_t temp_size = iobuf_set_buffer_size(0) * 1024; |
365 | 0 | byte *buffer; |
366 | |
|
367 | 0 | if (fp) |
368 | 0 | { |
369 | | /* Disable buffering in estream as we are passing large |
370 | | * buffers to es_fwrite. */ |
371 | 0 | es_setbuf (fp, NULL); |
372 | 0 | } |
373 | |
|
374 | 0 | buffer = xmalloc (temp_size); |
375 | 0 | if (!buffer) |
376 | 0 | { |
377 | 0 | err = gpg_error_from_syserror (); |
378 | 0 | goto leave; |
379 | 0 | } |
380 | | |
381 | 0 | while (pt->len) |
382 | 0 | { |
383 | 0 | int len = pt->len > temp_size ? temp_size : pt->len; |
384 | 0 | len = iobuf_read (pt->buf, buffer, len); |
385 | 0 | if (len == -1) |
386 | 0 | { |
387 | 0 | err = iobuf_error (pt->buf); |
388 | 0 | if (!err) |
389 | 0 | err = gpg_error_from_syserror (); |
390 | 0 | log_error ("problem reading source (%u bytes remaining)\n", |
391 | 0 | (unsigned) pt->len); |
392 | 0 | xfree (buffer); |
393 | 0 | goto leave; |
394 | 0 | } |
395 | 0 | if (mfx->md) |
396 | 0 | gcry_md_write (mfx->md, buffer, len); |
397 | 0 | if (fp) |
398 | 0 | { |
399 | 0 | if (opt.max_output && (count += len) > opt.max_output) |
400 | 0 | { |
401 | 0 | log_error ("error writing to '%s': %s\n", |
402 | 0 | fname, "exceeded --max-output limit\n"); |
403 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
404 | 0 | xfree (buffer); |
405 | 0 | goto leave; |
406 | 0 | } |
407 | 0 | else if (es_fwrite (buffer, 1, len, fp) != len) |
408 | 0 | { |
409 | 0 | err = gpg_error_from_syserror (); |
410 | 0 | log_error ("error writing to '%s': %s\n", |
411 | 0 | fname, gpg_strerror (err)); |
412 | 0 | xfree (buffer); |
413 | 0 | goto leave; |
414 | 0 | } |
415 | 0 | } |
416 | 0 | pt->len -= len; |
417 | 0 | } |
418 | 0 | xfree (buffer); |
419 | 0 | } |
420 | | |
421 | | /* Even if all data can be read successfully, by the AEAD tag |
422 | | * checking at last, it may be failed. */ |
423 | 0 | if ((err = iobuf_error (pt->buf))) |
424 | 0 | log_error ("problem reading source: %s\n", gpg_strerror (err)); |
425 | 0 | pt->buf = NULL; |
426 | 0 | } |
427 | 1 | else if (!clearsig) |
428 | 1 | { |
429 | 1 | if (convert) |
430 | 0 | { /* text mode */ |
431 | 0 | while ((c = iobuf_get (pt->buf)) != -1) |
432 | 0 | { |
433 | 0 | if (mfx->md) |
434 | 0 | gcry_md_putc (mfx->md, c); |
435 | 0 | #ifndef HAVE_DOSISH_SYSTEM |
436 | 0 | if (c == '\r' && convert != 'm') |
437 | 0 | continue; /* fixme: this hack might be too simple */ |
438 | 0 | #endif |
439 | 0 | if (fp) |
440 | 0 | { |
441 | 0 | if (opt.max_output && (++count) > opt.max_output) |
442 | 0 | { |
443 | 0 | log_error ("Error writing to '%s': %s\n", |
444 | 0 | fname, "exceeded --max-output limit\n"); |
445 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
446 | 0 | goto leave; |
447 | 0 | } |
448 | 0 | else if (es_putc (c, fp) == EOF) |
449 | 0 | { |
450 | 0 | if (es_ferror (fp)) |
451 | 0 | err = gpg_error_from_syserror (); |
452 | 0 | else |
453 | 0 | err = gpg_error (GPG_ERR_EOF); |
454 | 0 | log_error ("error writing to '%s': %s\n", |
455 | 0 | fname, gpg_strerror (err)); |
456 | 0 | goto leave; |
457 | 0 | } |
458 | 0 | } |
459 | 0 | } |
460 | 0 | if ((err = iobuf_error (pt->buf))) |
461 | 0 | log_error ("problem reading source: %s\n", gpg_strerror (err)); |
462 | 0 | } |
463 | 1 | else |
464 | 1 | { /* binary mode */ |
465 | 1 | size_t temp_size = iobuf_set_buffer_size(0) * 1024; |
466 | 1 | byte *buffer; |
467 | 1 | int eof_seen = 0; |
468 | | |
469 | 1 | if (fp) |
470 | 1 | { |
471 | | /* Disable buffering in estream as we are passing large |
472 | | * buffers to es_fwrite. */ |
473 | 1 | es_setbuf (fp, NULL); |
474 | 1 | } |
475 | | |
476 | 1 | buffer = xtrymalloc (temp_size); |
477 | 1 | if (!buffer) |
478 | 0 | { |
479 | 0 | err = gpg_error_from_syserror (); |
480 | 0 | goto leave; |
481 | 0 | } |
482 | | |
483 | 1 | while (!eof_seen) |
484 | 1 | { |
485 | | /* Why do we check for len < temp_size: |
486 | | * If we won't, we would practically read 2 EOFs but |
487 | | * the first one has already popped the block_filter |
488 | | * off and therefore we don't catch the boundary. |
489 | | * So, always assume EOF if iobuf_read returns less bytes |
490 | | * then requested */ |
491 | 1 | int len = iobuf_read (pt->buf, buffer, temp_size); |
492 | 1 | if (len == -1) |
493 | 1 | break; |
494 | 0 | if (len < temp_size) |
495 | 0 | eof_seen = 1; |
496 | 0 | if (mfx->md) |
497 | 0 | gcry_md_write (mfx->md, buffer, len); |
498 | 0 | if (fp) |
499 | 0 | { |
500 | 0 | if (opt.max_output && (count += len) > opt.max_output) |
501 | 0 | { |
502 | 0 | log_error ("error writing to '%s': %s\n", |
503 | 0 | fname, "exceeded --max-output limit\n"); |
504 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
505 | 0 | xfree (buffer); |
506 | 0 | goto leave; |
507 | 0 | } |
508 | 0 | else if (es_fwrite (buffer, 1, len, fp) != len) |
509 | 0 | { |
510 | 0 | err = gpg_error_from_syserror (); |
511 | 0 | log_error ("error writing to '%s': %s\n", |
512 | 0 | fname, gpg_strerror (err)); |
513 | 0 | xfree (buffer); |
514 | 0 | goto leave; |
515 | 0 | } |
516 | 0 | } |
517 | 0 | } |
518 | 1 | if ((err = iobuf_error (pt->buf))) |
519 | 1 | log_error ("problem reading source: %s\n", gpg_strerror (err)); |
520 | 1 | xfree (buffer); |
521 | 1 | } |
522 | 1 | pt->buf = NULL; |
523 | 1 | } |
524 | 0 | else /* Clear text signature - don't hash the last CR,LF. */ |
525 | 0 | { |
526 | 0 | int state = 0; |
527 | |
|
528 | 0 | while ((c = iobuf_get (pt->buf)) != -1) |
529 | 0 | { |
530 | 0 | if (fp) |
531 | 0 | { |
532 | 0 | if (opt.max_output && (++count) > opt.max_output) |
533 | 0 | { |
534 | 0 | log_error ("error writing to '%s': %s\n", |
535 | 0 | fname, "exceeded --max-output limit\n"); |
536 | 0 | err = gpg_error (GPG_ERR_TOO_LARGE); |
537 | 0 | goto leave; |
538 | 0 | } |
539 | 0 | else if (es_putc (c, fp) == EOF) |
540 | 0 | { |
541 | 0 | err = gpg_error_from_syserror (); |
542 | 0 | log_error ("error writing to '%s': %s\n", |
543 | 0 | fname, gpg_strerror (err)); |
544 | 0 | goto leave; |
545 | 0 | } |
546 | 0 | } |
547 | 0 | if (!mfx->md) |
548 | 0 | continue; |
549 | 0 | if (state == 2) |
550 | 0 | { |
551 | 0 | gcry_md_putc (mfx->md, '\r'); |
552 | 0 | gcry_md_putc (mfx->md, '\n'); |
553 | 0 | state = 0; |
554 | 0 | } |
555 | 0 | if (!state) |
556 | 0 | { |
557 | 0 | if (c == '\r') |
558 | 0 | state = 1; |
559 | 0 | else if (c == '\n') |
560 | 0 | state = 2; |
561 | 0 | else |
562 | 0 | gcry_md_putc (mfx->md, c); |
563 | 0 | } |
564 | 0 | else if (state == 1) |
565 | 0 | { |
566 | 0 | if (c == '\n') |
567 | 0 | state = 2; |
568 | 0 | else |
569 | 0 | { |
570 | 0 | gcry_md_putc (mfx->md, '\r'); |
571 | 0 | if (c == '\r') |
572 | 0 | state = 1; |
573 | 0 | else |
574 | 0 | { |
575 | 0 | state = 0; |
576 | 0 | gcry_md_putc (mfx->md, c); |
577 | 0 | } |
578 | 0 | } |
579 | 0 | } |
580 | 0 | } |
581 | 0 | if ((err = iobuf_error (pt->buf))) |
582 | 0 | log_error ("problem reading source: %s\n", gpg_strerror (err)); |
583 | 0 | pt->buf = NULL; |
584 | 0 | } |
585 | | |
586 | 1 | if (fp && fp != es_stdout && fp != opt.outfp) |
587 | 1 | pfg_close_file (&pfg, err); |
588 | 1 | fp = NULL; |
589 | | |
590 | 1 | leave: |
591 | | /* Make sure that stdout gets flushed after the plaintext has been |
592 | | handled. This is for extra security as we do a flush anyway |
593 | | before checking the signature. */ |
594 | 1 | if (es_fflush (es_stdout)) |
595 | 0 | { |
596 | | /* We need to check the return code to detect errors like disk |
597 | | full for short plaintexts. See bug#1207. Checking return |
598 | | values is a good idea in any case. */ |
599 | 0 | if (!err) |
600 | 0 | err = gpg_error_from_syserror (); |
601 | 0 | log_error ("error flushing '%s': %s\n", "[stdout]", |
602 | 0 | gpg_strerror (err)); |
603 | 0 | } |
604 | | |
605 | 1 | if (fp && fp != es_stdout && fp != opt.outfp) |
606 | 0 | pfg_close_file (&pfg, err); |
607 | 1 | return err; |
608 | 1 | } |
609 | | |
610 | | |
611 | | static void |
612 | | do_hash (gcry_md_hd_t md, gcry_md_hd_t md2, IOBUF fp, int textmode) |
613 | 0 | { |
614 | 0 | text_filter_context_t tfx; |
615 | 0 | int c; |
616 | |
|
617 | 0 | if (textmode) |
618 | 0 | { |
619 | 0 | memset (&tfx, 0, sizeof tfx); |
620 | 0 | iobuf_push_filter (fp, text_filter, &tfx); |
621 | 0 | } |
622 | 0 | if (md2) |
623 | 0 | { /* work around a strange behaviour in pgp2 */ |
624 | | /* It seems that at least PGP5 converts a single CR to a CR,LF too */ |
625 | 0 | int lc = -1; |
626 | 0 | while ((c = iobuf_get (fp)) != -1) |
627 | 0 | { |
628 | 0 | if (c == '\n' && lc == '\r') |
629 | 0 | gcry_md_putc (md2, c); |
630 | 0 | else if (c == '\n') |
631 | 0 | { |
632 | 0 | gcry_md_putc (md2, '\r'); |
633 | 0 | gcry_md_putc (md2, c); |
634 | 0 | } |
635 | 0 | else if (c != '\n' && lc == '\r') |
636 | 0 | { |
637 | 0 | gcry_md_putc (md2, '\n'); |
638 | 0 | gcry_md_putc (md2, c); |
639 | 0 | } |
640 | 0 | else |
641 | 0 | gcry_md_putc (md2, c); |
642 | |
|
643 | 0 | if (md) |
644 | 0 | gcry_md_putc (md, c); |
645 | 0 | lc = c; |
646 | 0 | } |
647 | 0 | } |
648 | 0 | else |
649 | 0 | { |
650 | 0 | size_t temp_size = iobuf_set_buffer_size(0) * 1024; |
651 | 0 | byte *buffer = xmalloc (temp_size); |
652 | 0 | int ret; |
653 | |
|
654 | 0 | while ((ret = iobuf_read (fp, buffer, temp_size)) != -1) |
655 | 0 | { |
656 | 0 | if (md) |
657 | 0 | gcry_md_write (md, buffer, ret); |
658 | 0 | } |
659 | |
|
660 | 0 | xfree (buffer); |
661 | 0 | } |
662 | 0 | } |
663 | | |
664 | | |
665 | | /**************** |
666 | | * Ask for the detached datafile and calculate the digest from it. |
667 | | * INFILE is the name of the input file. |
668 | | */ |
669 | | int |
670 | | ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2, |
671 | | const char *inname, int textmode) |
672 | 0 | { |
673 | 0 | progress_filter_context_t *pfx; |
674 | 0 | char *answer = NULL; |
675 | 0 | IOBUF fp; |
676 | 0 | int rc = 0; |
677 | |
|
678 | 0 | pfx = new_progress_context (); |
679 | 0 | fp = open_sigfile (inname, pfx); /* Open default file. */ |
680 | |
|
681 | 0 | if (!fp && !opt.batch) |
682 | 0 | { |
683 | 0 | int any = 0; |
684 | 0 | tty_printf (_("Detached signature.\n")); |
685 | 0 | do |
686 | 0 | { |
687 | 0 | char *name; |
688 | |
|
689 | 0 | xfree (answer); |
690 | 0 | tty_enable_completion (NULL); |
691 | 0 | name = cpr_get ("detached_signature.filename", |
692 | 0 | _("Please enter name of data file: ")); |
693 | 0 | tty_disable_completion (); |
694 | 0 | cpr_kill_prompt (); |
695 | 0 | answer = make_filename (name, (void *) NULL); |
696 | 0 | xfree (name); |
697 | |
|
698 | 0 | if (any && !*answer) |
699 | 0 | { |
700 | 0 | rc = gpg_error (GPG_ERR_GENERAL); /*G10ERR_READ_FILE */ |
701 | 0 | goto leave; |
702 | 0 | } |
703 | 0 | fp = iobuf_open (answer); |
704 | 0 | if (fp && is_secured_file (iobuf_get_fd (fp))) |
705 | 0 | { |
706 | 0 | iobuf_close (fp); |
707 | 0 | fp = NULL; |
708 | 0 | gpg_err_set_errno (EPERM); |
709 | 0 | } |
710 | 0 | if (!fp && errno == ENOENT) |
711 | 0 | { |
712 | 0 | tty_printf ("No such file, try again or hit enter to quit.\n"); |
713 | 0 | any++; |
714 | 0 | } |
715 | 0 | else if (!fp) |
716 | 0 | { |
717 | 0 | rc = gpg_error_from_syserror (); |
718 | 0 | log_error (_("can't open '%s': %s\n"), answer, |
719 | 0 | strerror (errno)); |
720 | 0 | goto leave; |
721 | 0 | } |
722 | 0 | } |
723 | 0 | while (!fp); |
724 | 0 | } |
725 | | |
726 | 0 | if (!fp) |
727 | 0 | { |
728 | 0 | if (opt.verbose) |
729 | 0 | log_info (_("reading stdin ...\n")); |
730 | 0 | fp = iobuf_open (NULL); |
731 | 0 | log_assert (fp); |
732 | 0 | } |
733 | 0 | do_hash (md, md2, fp, textmode); |
734 | 0 | iobuf_close (fp); |
735 | |
|
736 | 0 | leave: |
737 | 0 | xfree (answer); |
738 | 0 | release_progress_context (pfx); |
739 | 0 | return rc; |
740 | 0 | } |
741 | | |
742 | | |
743 | | |
744 | | /* Hash the given files and append the hash to hash contexts MD and |
745 | | * MD2. If FILES is NULL, stdin is hashed. */ |
746 | | int |
747 | | hash_datafiles (gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files, |
748 | | const char *sigfilename, int textmode) |
749 | 0 | { |
750 | 0 | progress_filter_context_t *pfx; |
751 | 0 | IOBUF fp; |
752 | 0 | strlist_t sl; |
753 | |
|
754 | 0 | pfx = new_progress_context (); |
755 | |
|
756 | 0 | if (!files) |
757 | 0 | { |
758 | | /* Check whether we can open the signed material. We avoid |
759 | | trying to open a file if run in batch mode. This assumed |
760 | | data file for a sig file feature is just a convenience thing |
761 | | for the command line and the user needs to read possible |
762 | | warning messages. */ |
763 | 0 | if (!opt.batch) |
764 | 0 | { |
765 | 0 | fp = open_sigfile (sigfilename, pfx); |
766 | 0 | if (fp) |
767 | 0 | { |
768 | 0 | do_hash (md, md2, fp, textmode); |
769 | 0 | iobuf_close (fp); |
770 | 0 | release_progress_context (pfx); |
771 | 0 | return 0; |
772 | 0 | } |
773 | 0 | } |
774 | 0 | log_error (_("no signed data\n")); |
775 | 0 | release_progress_context (pfx); |
776 | 0 | return gpg_error (GPG_ERR_NO_DATA); |
777 | 0 | } |
778 | | |
779 | | |
780 | 0 | for (sl = files; sl; sl = sl->next) |
781 | 0 | { |
782 | 0 | fp = iobuf_open (sl->d); |
783 | 0 | if (fp && is_secured_file (iobuf_get_fd (fp))) |
784 | 0 | { |
785 | 0 | iobuf_close (fp); |
786 | 0 | fp = NULL; |
787 | 0 | gpg_err_set_errno (EPERM); |
788 | 0 | } |
789 | 0 | if (!fp) |
790 | 0 | { |
791 | 0 | int rc = gpg_error_from_syserror (); |
792 | 0 | log_error (_("can't open signed data '%s'\n"), |
793 | 0 | print_fname_stdin (sl->d)); |
794 | 0 | release_progress_context (pfx); |
795 | 0 | return rc; |
796 | 0 | } |
797 | 0 | handle_progress (pfx, fp, sl->d); |
798 | 0 | do_hash (md, md2, fp, textmode); |
799 | 0 | iobuf_close (fp); |
800 | 0 | } |
801 | | |
802 | 0 | release_progress_context (pfx); |
803 | 0 | return 0; |
804 | 0 | } |
805 | | |
806 | | |
807 | | /* Hash the data from file descriptor DATA_FD and append the hash to hash |
808 | | contexts MD and MD2. */ |
809 | | int |
810 | | hash_datafile_by_fd (gcry_md_hd_t md, gcry_md_hd_t md2, |
811 | | gnupg_fd_t data_fd, int textmode) |
812 | 0 | { |
813 | 0 | progress_filter_context_t *pfx = new_progress_context (); |
814 | 0 | iobuf_t fp; |
815 | |
|
816 | 0 | if (is_secured_file (data_fd)) |
817 | 0 | { |
818 | 0 | fp = NULL; |
819 | 0 | gpg_err_set_errno (EPERM); |
820 | 0 | } |
821 | 0 | else |
822 | 0 | fp = iobuf_fdopen_nc (data_fd, "rb"); |
823 | |
|
824 | 0 | if (!fp) |
825 | 0 | { |
826 | 0 | int rc = gpg_error_from_syserror (); |
827 | 0 | log_error (_("can't open signed data fd=%d: %s\n"), |
828 | 0 | FD_DBG (data_fd), strerror (errno)); |
829 | 0 | release_progress_context (pfx); |
830 | 0 | return rc; |
831 | 0 | } |
832 | | |
833 | 0 | handle_progress (pfx, fp, NULL); |
834 | |
|
835 | 0 | do_hash (md, md2, fp, textmode); |
836 | |
|
837 | 0 | iobuf_close (fp); |
838 | |
|
839 | 0 | release_progress_context (pfx); |
840 | 0 | return 0; |
841 | 0 | } |
842 | | |
843 | | |
844 | | /* Set up a plaintext packet with the appropriate filename. If there |
845 | | is a --set-filename, use it (it's already UTF8). If there is a |
846 | | regular filename, UTF8-ize it if necessary. If there is no |
847 | | filenames at all, set the field empty. */ |
848 | | |
849 | | PKT_plaintext * |
850 | | setup_plaintext_name (const char *filename, IOBUF iobuf) |
851 | 0 | { |
852 | 0 | PKT_plaintext *pt; |
853 | |
|
854 | 0 | if ((filename && !iobuf_is_pipe_filename (filename)) |
855 | 0 | || (opt.set_filename && !iobuf_is_pipe_filename (opt.set_filename))) |
856 | 0 | { |
857 | 0 | char *s; |
858 | |
|
859 | 0 | if (opt.set_filename) |
860 | 0 | s = make_basename (opt.set_filename, iobuf_get_real_fname (iobuf)); |
861 | 0 | else if (filename && !opt.flags.utf8_filename) |
862 | 0 | { |
863 | 0 | char *tmp = native_to_utf8 (filename); |
864 | 0 | s = make_basename (tmp, iobuf_get_real_fname (iobuf)); |
865 | 0 | xfree (tmp); |
866 | 0 | } |
867 | 0 | else |
868 | 0 | s = make_basename (filename, iobuf_get_real_fname (iobuf)); |
869 | |
|
870 | 0 | pt = xmalloc (sizeof *pt + strlen (s) - 1); |
871 | 0 | pt->namelen = strlen (s); |
872 | 0 | memcpy (pt->name, s, pt->namelen); |
873 | 0 | xfree (s); |
874 | 0 | } |
875 | 0 | else |
876 | 0 | { |
877 | | /* no filename */ |
878 | 0 | pt = xmalloc (sizeof *pt - 1); |
879 | 0 | pt->namelen = 0; |
880 | 0 | } |
881 | |
|
882 | 0 | return pt; |
883 | 0 | } |