Re: svn commit: r1150723 - /subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c

Mon, 25 Jul 2011 11:44:59 -0700 

s...@apache.org wrote on Mon, Jul 25, 2011 at 14:33:33 -0000:
> Author: stsp
> Date: Mon Jul 25 14:33:32 2011
> New Revision: 1150723
> 
> URL: http://svn.apache.org/viewvc?rev=1150723&view=rev
> Log:
> On the gpg-agent-password-store branch, send the values of the LC_CTYPE
> and DISPLAY variables to gpg-agent. These might be useful for the pinentry
> program.
> 
> * subversion/libsvn_auth_gpg_agent/gpg_agent.c
>   (password_get_gpg_agent): If LC_CTYPE and/or DISPLAY environment variables
>    are set, use their values as arguments for the --lc-ctype and --display
>    options of gpg-agent.
> 
> Modified:
>     
> subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> 
> Modified: 
> subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> URL: 
> http://svn.apache.org/viewvc/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150723&r1=1150722&r2=1150723&view=diff
> ==============================================================================
> --- 
> subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
>  (original)
> +++ 
> subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
>  Mon Jul 25 14:33:32 2011
> @@ -101,6 +101,8 @@ password_get_gpg_agent(const char **pass
>    struct sockaddr_un addr;
>    const char *tty_name;
>    const char *tty_type;
> +  const char *lc_ctype;
> +  const char *display;
>    const char *socket_name = NULL;
>    svn_checksum_t *digest = NULL;
>  
> @@ -195,6 +197,46 @@ password_get_gpg_agent(const char **pass
>        return FALSE;
>      }
>  
> +  /* Send LC_CTYPE to the gpg-agent daemon. */
> +  lc_ctype = getenv("LC_CTYPE");
> +  if (lc_ctype == NULL)
> +    lc_ctype = getenv("LC_ALL");
> +  if (lc_ctype == NULL)
> +    lc_ctype = getenv("LANG");
> +  if (lc_ctype != NULL)
> +    {
> +      request = apr_psprintf(pool, "OPTION lc-ctype=%s\n", lc_ctype);

You're passing an environment variable to gpg-agent unescaped.  Suppose
I could control the value of that variable in your environment.  (Yes,
this is a contrived situation.)  What could I do then?

Reply via email to