[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1150723 - /subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Mon, 25 Jul 2011 21:44:17 +0300

stsp_at_apache.org wrote on Mon, Jul 25, 2011 at 14:33:33 -0000:
> Author: stsp
> Date: Mon Jul 25 14:33:32 2011
> New Revision: 1150723
>
> URL: http://svn.apache.org/viewvc?rev=1150723&view=rev
> Log:
> On the gpg-agent-password-store branch, send the values of the LC_CTYPE
> and DISPLAY variables to gpg-agent. These might be useful for the pinentry
> program.
>
> * subversion/libsvn_auth_gpg_agent/gpg_agent.c
> (password_get_gpg_agent): If LC_CTYPE and/or DISPLAY environment variables
> are set, use their values as arguments for the --lc-ctype and --display
> options of gpg-agent.
>
> Modified:
> subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
>
> Modified: subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> URL: http://svn.apache.org/viewvc/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150723&r1=1150722&r2=1150723&view=diff
> ==============================================================================
> --- subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c (original)
> +++ subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c Mon Jul 25 14:33:32 2011
> @@ -101,6 +101,8 @@ password_get_gpg_agent(const char **pass
> struct sockaddr_un addr;
> const char *tty_name;
> const char *tty_type;
> + const char *lc_ctype;
> + const char *display;
> const char *socket_name = NULL;
> svn_checksum_t *digest = NULL;
>
> @@ -195,6 +197,46 @@ password_get_gpg_agent(const char **pass
> return FALSE;
> }
>
> + /* Send LC_CTYPE to the gpg-agent daemon. */
> + lc_ctype = getenv("LC_CTYPE");
> + if (lc_ctype == NULL)
> + lc_ctype = getenv("LC_ALL");
> + if (lc_ctype == NULL)
> + lc_ctype = getenv("LANG");
> + if (lc_ctype != NULL)
> + {
> + request = apr_psprintf(pool, "OPTION lc-ctype=%s\n", lc_ctype);

You're passing an environment variable to gpg-agent unescaped. Suppose
I could control the value of that variable in your environment. (Yes,
this is a contrived situation.) What could I do then?
Received on 2011-07-25 20:45:04 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.