Diffusion GnuPG 49151255f3b1

gpg: Make really sure that --verify-files always returns an error.

Description

gpg: Make really sure that --verify-files always returns an error.

* g10/verify.c (verify_files): Track the first error code.

It seems to be possible to play tricks with packet structures so that
log_error is not used for bad input data. By actually checking the
return code and letting the main driver in gpg call log_error, we can fix
this case.

Note that using gpg --verify-files and relying solely on gpg's return
code is at best a questionable strategy. It is for example impossible
to tell which data has been signed.

(cherry picked from commit 5681b8eaa44005afdd30211b47e5fb1a799583dd)

  • Signed-off-by: Werner Koch <wk@gnupg.org>
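
As an added example (not GnuPG's or the commit author's code): one way for a caller to avoid relying solely on gpg's return code is to run gpg once per file with `--status-fd` and require a `VALIDSIG` line whose primary-key fingerprint is pinned, failing closed on the first error status. The function names, the pinned fingerprint and the sample status lines are constructed assumptions.

```python
import subprocess

# Status keywords after which the input must be rejected, whatever else is seen.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}

def evaluate_status(status_text, trusted_fprs):
    """Decide on ONE verification from its --status-fd lines; fail closed."""
    signers = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in REJECT:
            return False, keyword          # first error wins
        if keyword == "VALIDSIG" and args:
            # 10th argument is the primary-key fingerprint; the 1st is the
            # fingerprint of the (sub)key that made the signature.
            signers.append(args[9] if len(args) > 9 else args[0])
    if not signers:
        return False, "no VALIDSIG"
    for fpr in signers:
        if fpr not in trusted_fprs:
            return False, "unpinned key " + fpr
    return True, signers[0]

def verify_file(path, trusted_fprs):
    """Run gpg on a single signed file so the verdict maps to that file only."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    ok, detail = evaluate_status(proc.stdout, trusted_fprs)
    return (ok and proc.returncode == 0), detail

# Constructed sample data: placeholder fingerprint and status lines.
PINNED = "A" * 40
GOOD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {PINNED} 2020-02-10 1581345120 0 4 0 1 8 00 {PINNED}\n")
BAD = "[GNUPG:] BADSIG 0123456789ABCDEF Constructed Signer <signer@example.org>\n"

if __name__ == "__main__":
    print(evaluate_status(GOOD, {PINNED}))
    print(evaluate_status(BAD, {PINNED}))
    print(evaluate_status(GOOD + BAD, {PINNED}))
```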

Details

Provenance
werner Authored on Feb 10 2020, 3:32 PM
Parents
rG47f514fde6e2: common: Also protect log_inc_errorcount against counter overflow.