1 /* plaintext.c - process plaintext packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <https://www.gnu.org/licenses/>.
26 #include <sys/types.h>
27 #ifdef HAVE_DOSISH_SYSTEM
28 # include <fcntl.h> /* for setmode() */
42 /* Get the output filename. On success, the actual filename that is
43 used is set in *FNAMEP and a filepointer is returned in *FP.
45 EMBEDDED_NAME AND EMBEDDED_NAMELEN are normally stored in a
46 plaintext packet. EMBEDDED_NAMELEN should not include any NUL
47 terminator (EMBEDDED_NAME does not need to be NUL terminated).
49 DATA is the iobuf containing the input data. We just use it to get
50 the input file's filename.
52 On success, the caller is responsible for calling xfree on *FNAMEP
53 and calling es_close on *FPP. */
55 get_output_file (const byte *embedded_name, int embedded_namelen,
56 iobuf_t data, char **fnamep, estream_t *fpp)
63 /* Create the filename as C string. */
66 fname = xtrystrdup ("[FP]");
69 err = gpg_error_from_syserror ();
75 fname = xtrystrdup (opt.outfile);
78 err = gpg_error_from_syserror ();
82 else if (embedded_namelen == 8 && !memcmp (embedded_name, "_CONSOLE", 8))
84 log_info (_("data not saved; use option \"--output\" to save it\n"));
87 else if (!opt.flags.use_embedded_filename)
90 fname = make_outfile_name (iobuf_get_real_fname (data));
92 fname = ask_outfile_name (embedded_name, embedded_namelen);
95 err = gpg_error (GPG_ERR_GENERAL); /* Can't create file. */
100 fname = utf8_to_native (embedded_name, embedded_namelen, 0);
109 else if (iobuf_is_pipe_filename (fname) || !*fname)
111 /* Special file name, no filename, or "-" given; write to the
112 * file descriptor or to stdout. */
116 fd = check_special_filename (fname, 1, 0);
119 /* Not a special filename, thus we want stdout. */
123 else if (!(fp = es_fdopen_nc (fd, "wb")))
125 err = gpg_error_from_syserror ();
126 snprintf (xname, sizeof xname, "[fd %d]", fd);
127 log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (err));
133 while (!overwrite_filep (fname))
135 char *tmp = ask_outfile_name (NULL, 0);
139 /* FIXME: Below used to be GPG_ERR_CREATE_FILE */
140 err = gpg_error (GPG_ERR_GENERAL);
149 if (opt.outfp && is_secured_file (es_fileno (opt.outfp)))
151 err = gpg_error (GPG_ERR_EPERM);
152 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
155 else if (fp || nooutput)
157 else if (is_secured_filename (fname))
159 gpg_err_set_errno (EPERM);
160 err = gpg_error_from_syserror ();
161 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
164 else if (!(fp = es_fopen (fname, "wb")))
166 err = gpg_error_from_syserror ();
167 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
170 #else /* __riscos__ */
171 /* If no output filename was given, i.e. we constructed it, convert
172 all '.' in fname to '/' but not vice versa as we don't create
175 for (c = 0; fname[c]; ++c)
183 /* Note: riscos stuff is not expected to work anymore. If we
184 want to port it again to riscos we should do most of the suff
185 in estream. FIXME: Consider to remove all riscos special
187 fp = fopen (fname, "wb");
190 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
191 err = GPG_ERR_CREATE_FILE;
193 log_info ("Do output file and input file have the same name?\n");
197 /* If there's a ,xxx extension in the embedded filename,
198 use that, else check whether the user input (in fname)
199 has a ,xxx appended, then use that in preference */
200 if ((c = riscos_get_filetype_from_string (embedded_name,
201 embedded_namelen)) != -1)
203 if ((c = riscos_get_filetype_from_string (fname, strlen (fname))) != -1)
205 riscos_set_filetype_by_number (fname, filetype);
207 #endif /* __riscos__ */
212 if (fp && fp != es_stdout && fp != opt.outfp)
223 /* Handle a plaintext packet. If MFX is not NULL, update the MDs
224 * Note: We should have used the filter stuff here, but we have to add
225 * some easy mimic to set a read limit, so we calculate only the bytes
226 * from the plaintext. */
228 handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx,
229 int nooutput, int clearsig)
233 static off_t count = 0;
238 int filetype = 0xfff;
241 if (pt->mode == 't' || pt->mode == 'u' || pt->mode == 'm')
246 /* Let people know what the plaintext info is. This allows the
247 receiving program to try and do something different based on the
248 format code (say, recode UTF-8 to local). */
249 if (!nooutput && is_status_enabled ())
253 /* Better make sure that stdout has been flushed in case the
254 output will be written to it. This is to make sure that no
255 not-yet-flushed stuff will be written after the plaintext
257 es_fflush (es_stdout);
259 snprintf (status, sizeof status,
260 "%X %lu ", (byte) pt->mode, (ulong) pt->timestamp);
261 write_status_text_and_buffer (STATUS_PLAINTEXT,
262 status, pt->name, pt->namelen, 0);
266 snprintf (status, sizeof status, "%lu", (ulong) pt->len);
267 write_status_text (STATUS_PLAINTEXT_LENGTH, status);
273 err = get_output_file (pt->name, pt->namelen, pt->buf, &fname, &fp);
280 /* We have an actual length (which might be zero). */
284 log_error ("clearsig encountered while not expected\n");
285 err = gpg_error (GPG_ERR_UNEXPECTED);
289 if (convert) /* Text mode. */
291 for (; pt->len; pt->len--)
293 if ((c = iobuf_get (pt->buf)) == -1)
295 err = gpg_error_from_syserror ();
296 log_error ("problem reading source (%u bytes remaining)\n",
301 gcry_md_putc (mfx->md, c);
302 #ifndef HAVE_DOSISH_SYSTEM
303 /* Convert to native line ending. */
304 /* fixme: this hack might be too simple */
305 if (c == '\r' && convert != 'm')
310 if (opt.max_output && (++count) > opt.max_output)
312 log_error ("error writing to '%s': %s\n",
313 fname, "exceeded --max-output limit\n");
314 err = gpg_error (GPG_ERR_TOO_LARGE);
317 else if (es_putc (c, fp) == EOF)
320 err = gpg_error_from_syserror ();
322 err = gpg_error (GPG_ERR_EOF);
323 log_error ("error writing to '%s': %s\n",
324 fname, gpg_strerror (err));
330 else /* Binary mode. */
332 byte *buffer = xmalloc (32768);
335 int len = pt->len > 32768 ? 32768 : pt->len;
336 len = iobuf_read (pt->buf, buffer, len);
339 err = gpg_error_from_syserror ();
340 log_error ("problem reading source (%u bytes remaining)\n",
346 gcry_md_write (mfx->md, buffer, len);
349 if (opt.max_output && (count += len) > opt.max_output)
351 log_error ("error writing to '%s': %s\n",
352 fname, "exceeded --max-output limit\n");
353 err = gpg_error (GPG_ERR_TOO_LARGE);
357 else if (es_fwrite (buffer, 1, len, fp) != len)
359 err = gpg_error_from_syserror ();
360 log_error ("error writing to '%s': %s\n",
361 fname, gpg_strerror (err));
375 while ((c = iobuf_get (pt->buf)) != -1)
378 gcry_md_putc (mfx->md, c);
379 #ifndef HAVE_DOSISH_SYSTEM
380 if (c == '\r' && convert != 'm')
381 continue; /* fixme: this hack might be too simple */
385 if (opt.max_output && (++count) > opt.max_output)
387 log_error ("Error writing to '%s': %s\n",
388 fname, "exceeded --max-output limit\n");
389 err = gpg_error (GPG_ERR_TOO_LARGE);
392 else if (es_putc (c, fp) == EOF)
395 err = gpg_error_from_syserror ();
397 err = gpg_error (GPG_ERR_EOF);
398 log_error ("error writing to '%s': %s\n",
399 fname, gpg_strerror (err));
410 buffer = xtrymalloc (32768);
413 err = gpg_error_from_syserror ();
419 /* Why do we check for len < 32768:
420 * If we won't, we would practically read 2 EOFs but
421 * the first one has already popped the block_filter
422 * off and therefore we don't catch the boundary.
423 * So, always assume EOF if iobuf_read returns less bytes
425 int len = iobuf_read (pt->buf, buffer, 32768);
431 gcry_md_write (mfx->md, buffer, len);
434 if (opt.max_output && (count += len) > opt.max_output)
436 log_error ("error writing to '%s': %s\n",
437 fname, "exceeded --max-output limit\n");
438 err = gpg_error (GPG_ERR_TOO_LARGE);
442 else if (es_fwrite (buffer, 1, len, fp) != len)
444 err = gpg_error_from_syserror ();
445 log_error ("error writing to '%s': %s\n",
446 fname, gpg_strerror (err));
456 else /* Clear text signature - don't hash the last CR,LF. */
460 while ((c = iobuf_get (pt->buf)) != -1)
464 if (opt.max_output && (++count) > opt.max_output)
466 log_error ("error writing to '%s': %s\n",
467 fname, "exceeded --max-output limit\n");
468 err = gpg_error (GPG_ERR_TOO_LARGE);
471 else if (es_putc (c, fp) == EOF)
473 err = gpg_error_from_syserror ();
474 log_error ("error writing to '%s': %s\n",
475 fname, gpg_strerror (err));
483 gcry_md_putc (mfx->md, '\r');
484 gcry_md_putc (mfx->md, '\n');
494 gcry_md_putc (mfx->md, c);
502 gcry_md_putc (mfx->md, '\r');
508 gcry_md_putc (mfx->md, c);
516 if (fp && fp != es_stdout && fp != opt.outfp && es_fclose (fp))
518 err = gpg_error_from_syserror ();
519 log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
526 /* Make sure that stdout gets flushed after the plaintext has been
527 handled. This is for extra security as we do a flush anyway
528 before checking the signature. */
529 if (es_fflush (es_stdout))
531 /* We need to check the return code to detect errors like disk
532 full for short plaintexts. See bug#1207. Checking return
533 values is a good idea in any case. */
535 err = gpg_error_from_syserror ();
536 log_error ("error flushing '%s': %s\n", "[stdout]",
540 if (fp && fp != es_stdout && fp != opt.outfp)
548 do_hash (gcry_md_hd_t md, gcry_md_hd_t md2, IOBUF fp, int textmode)
550 text_filter_context_t tfx;
555 memset (&tfx, 0, sizeof tfx);
556 iobuf_push_filter (fp, text_filter, &tfx);
559 { /* work around a strange behaviour in pgp2 */
560 /* It seems that at least PGP5 converts a single CR to a CR,LF too */
562 while ((c = iobuf_get (fp)) != -1)
564 if (c == '\n' && lc == '\r')
565 gcry_md_putc (md2, c);
568 gcry_md_putc (md2, '\r');
569 gcry_md_putc (md2, c);
571 else if (c != '\n' && lc == '\r')
573 gcry_md_putc (md2, '\n');
574 gcry_md_putc (md2, c);
577 gcry_md_putc (md2, c);
580 gcry_md_putc (md, c);
586 while ((c = iobuf_get (fp)) != -1)
589 gcry_md_putc (md, c);
596 * Ask for the detached datafile and calculate the digest from it.
597 * INFILE is the name of the input file.
600 ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2,
601 const char *inname, int textmode)
603 progress_filter_context_t *pfx;
608 pfx = new_progress_context ();
609 fp = open_sigfile (inname, pfx); /* Open default file. */
611 if (!fp && !opt.batch)
614 tty_printf (_("Detached signature.\n"));
620 tty_enable_completion (NULL);
621 name = cpr_get ("detached_signature.filename",
622 _("Please enter name of data file: "));
623 tty_disable_completion ();
625 answer = make_filename (name, (void *) NULL);
630 rc = gpg_error (GPG_ERR_GENERAL); /*G10ERR_READ_FILE */
633 fp = iobuf_open (answer);
634 if (fp && is_secured_file (iobuf_get_fd (fp)))
638 gpg_err_set_errno (EPERM);
640 if (!fp && errno == ENOENT)
642 tty_printf ("No such file, try again or hit enter to quit.\n");
647 rc = gpg_error_from_syserror ();
648 log_error (_("can't open '%s': %s\n"), answer,
659 log_info (_("reading stdin ...\n"));
660 fp = iobuf_open (NULL);
663 do_hash (md, md2, fp, textmode);
668 release_progress_context (pfx);
674 /* Hash the given files and append the hash to hash contexts MD and
675 * MD2. If FILES is NULL, stdin is hashed. */
677 hash_datafiles (gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files,
678 const char *sigfilename, int textmode)
680 progress_filter_context_t *pfx;
684 pfx = new_progress_context ();
688 /* Check whether we can open the signed material. We avoid
689 trying to open a file if run in batch mode. This assumed
690 data file for a sig file feature is just a convenience thing
691 for the command line and the user needs to read possible
695 fp = open_sigfile (sigfilename, pfx);
698 do_hash (md, md2, fp, textmode);
700 release_progress_context (pfx);
704 log_error (_("no signed data\n"));
705 release_progress_context (pfx);
706 return gpg_error (GPG_ERR_NO_DATA);
710 for (sl = files; sl; sl = sl->next)
712 fp = iobuf_open (sl->d);
713 if (fp && is_secured_file (iobuf_get_fd (fp)))
717 gpg_err_set_errno (EPERM);
721 int rc = gpg_error_from_syserror ();
722 log_error (_("can't open signed data '%s'\n"),
723 print_fname_stdin (sl->d));
724 release_progress_context (pfx);
727 handle_progress (pfx, fp, sl->d);
728 do_hash (md, md2, fp, textmode);
732 release_progress_context (pfx);
737 /* Hash the data from file descriptor DATA_FD and append the hash to hash
738 contexts MD and MD2. */
740 hash_datafile_by_fd (gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd,
743 progress_filter_context_t *pfx = new_progress_context ();
746 if (is_secured_file (data_fd))
749 gpg_err_set_errno (EPERM);
752 fp = iobuf_fdopen_nc (data_fd, "rb");
756 int rc = gpg_error_from_syserror ();
757 log_error (_("can't open signed data fd=%d: %s\n"),
758 data_fd, strerror (errno));
759 release_progress_context (pfx);
763 handle_progress (pfx, fp, NULL);
765 do_hash (md, md2, fp, textmode);
769 release_progress_context (pfx);
774 /* Set up a plaintext packet with the appropriate filename. If there
775 is a --set-filename, use it (it's already UTF8). If there is a
776 regular filename, UTF8-ize it if necessary. If there is no
777 filenames at all, set the field empty. */
780 setup_plaintext_name (const char *filename, IOBUF iobuf)
784 if ((filename && !iobuf_is_pipe_filename (filename))
785 || (opt.set_filename && !iobuf_is_pipe_filename (opt.set_filename)))
789 if (opt.set_filename)
790 s = make_basename (opt.set_filename, iobuf_get_real_fname (iobuf));
791 else if (filename && !opt.flags.utf8_filename)
793 char *tmp = native_to_utf8 (filename);
794 s = make_basename (tmp, iobuf_get_real_fname (iobuf));
798 s = make_basename (filename, iobuf_get_real_fname (iobuf));
800 pt = xmalloc (sizeof *pt + strlen (s) - 1);
801 pt->namelen = strlen (s);
802 memcpy (pt->name, s, pt->namelen);
808 pt = xmalloc (sizeof *pt - 1);