From: Andre Noll <maan@tuebingen.mpg.de>
Date: Sun, 10 Jul 2016 19:33:18 +0000 (+0200)
Subject: gcrypt: Check file permissions of private keys.
X-Git-Tag: v0.5.7~28
X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=33d0d618adbd6bd7afafbbbe1fd0d60b7c8d561c;hp=c998e827328c7989986e4fb91048e7f427f722a8

gcrypt: Check file permissions of private keys.

Before opening a private key, crypt.c checks that the permissions
are restrictive enough. However, the gcrypt implementation contains
no such check. This commit adds it.
---

diff --git a/gcrypt.c b/gcrypt.c
index 63f8fff3..3c6c1ad1 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -782,6 +782,9 @@ int priv_decrypt(const char *key_file, unsigned char *outbuf,
 	gcry_sexp_t in, out, priv_key;
 	size_t nbytes;
 
+	ret = check_key_file(key_file, true);
+	if (ret < 0)
+		return ret;
 	PARA_INFO_LOG("decrypting %d byte input\n", inlen);
 	/* key_file -> asymmetric key priv */
 	ret = get_private_key(key_file, &priv);