Updated card stuff to support T=0 cards.
[gnupg.git] / g10 / plaintext.c
index 8904302..e3ea369 100644 (file)
@@ -1,5 +1,6 @@
 /* plaintext.c -  process plaintext packets
- * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -15,7 +16,8 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
  */
 
 #include <config.h>
@@ -24,6 +26,7 @@
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
+#include <sys/types.h>
 #ifdef HAVE_DOSISH_SYSTEM
 #include <fcntl.h> /* for setmode() */
 #endif
@@ -39,7 +42,6 @@
 #include "i18n.h"
 
 
-
 /****************
  * Handle a plaintext packet.  If MFX is not NULL, update the MDs
  * Note: we should use the filter stuff here, but we have to add some
@@ -52,18 +54,37 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 {
     char *fname = NULL;
     FILE *fp = NULL;
+    static off_t count=0;
     int rc = 0;
     int c;
-    int convert = pt->mode == 't';
+    int convert = (pt->mode == 't' || pt->mode == 'u');
 #ifdef __riscos__
     int filetype = 0xfff;
 #endif
 
+    /* Let people know what the plaintext info is. This allows the
+       receiving program to try and do something different based on
+       the format code (say, recode UTF-8 to local). */
+    if(!nooutput && is_status_enabled())
+      {
+       char status[50];
+
+       sprintf(status,"%X %lu ",(byte)pt->mode,(ulong)pt->timestamp);
+       write_status_text_and_buffer(STATUS_PLAINTEXT,
+                                    status,pt->name,pt->namelen,0);
+
+       if(!pt->is_partial)
+         {
+           sprintf(status,"%lu",(ulong)pt->len);
+           write_status_text(STATUS_PLAINTEXT_LENGTH,status);
+         }
+      }
+
     /* create the filename as C string */
     if( nooutput )
        ;
     else if( opt.outfile ) {
-       fname = m_alloc( strlen( opt.outfile ) + 1);
+       fname = xmalloc( strlen( opt.outfile ) + 1);
        strcpy(fname, opt.outfile );
     }
     else if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) {
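Review bot: `static off_t count=0;` is never reset on the lines shown, so the `--max-output` checks added further down in handle_plaintext compare a running total over every plaintext packet handled by the process, not a per-call or per-file count. If the cumulative limit is intended, say so at the declaration, for example `/* Running total over all plaintext written by this process; compared against opt.max_output. */`. If a per-file limit is wanted, the counter needs resetting where a new output file is opened. The two `sprintf` calls into `char status[50]` fit for the formats shown, but `snprintf(status, sizeof status, ...)` would keep that true if a format is ever extended. handle_plaintext starts before this hunk and continues past it.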
@@ -85,22 +106,23 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 
     if( nooutput )
        ;
-    else if( !*fname || (*fname=='-' && !fname[1])) {
-       /* no filename or "-" given; write to stdout */
+    else if ( iobuf_is_pipe_filename (fname) || !*fname)
+      {
+       /* No filename or "-" given; write to stdout. */
        fp = stdout;
 #ifdef HAVE_DOSISH_SYSTEM
        setmode ( fileno(fp) , O_BINARY );
 #endif
-    }
+      }
     else {
        while( !overwrite_filep (fname) ) {
             char *tmp = ask_outfile_name (NULL, 0);
             if ( !tmp || !*tmp ) {
-                m_free (tmp);
+                xfree (tmp);
                 rc = G10ERR_CREATE_FILE;
                 goto leave;
             }
-            m_free (fname);
+            xfree (fname);
             fname = tmp;
         }
     }
@@ -108,16 +130,26 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
 #ifndef __riscos__
     if( fp || nooutput )
        ;
+    else if (is_secured_filename (fname))
+      {
+        errno = EPERM;
+       log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
+       rc = G10ERR_CREATE_FILE;
+       goto leave;
+      }
     else if( !(fp = fopen(fname,"wb")) ) {
        log_error(_("error creating `%s': %s\n"), fname, strerror(errno) );
        rc = G10ERR_CREATE_FILE;
        goto leave;
     }
 #else /* __riscos__ */
-    /* Convert all '.' in fname to '/' -- we don't create directories! */
-    for( c=0; fname[c]; ++c )
-        if( fname[c] == '.' )
-            fname[c] = '/';
+    /* If no output filename was given, i.e. we constructed it,
+       convert all '.' in fname to '/' but not vice versa as
+       we don't create directories! */
+    if( !opt.outfile )
+        for( c=0; fname[c]; ++c )
+            if( fname[c] == '.' )
+                fname[c] = '/';
 
     if( fp || nooutput )
        ;
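Review bot: The new `is_secured_filename (fname)` guard tests the name, and the `fopen(fname,"wb")` after it is a separate step, so the protection is only as strong as the way is_secured_filename resolves the path, which is not visible on this page. Because fname appears to be derived from the packet's embedded name when no output file is given, the reasoning deserves a comment at the check, e.g. `/* Name-based check: "wb" truncates on open, so the descriptor test used on the read paths cannot be done after fopen. */`. The guard is added only under `#ifndef __riscos__`; the RISC OS branch's open lies outside this hunk, so confirm it carries the same check.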
@@ -161,18 +193,27 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
                if( c == '\r' )  /* convert to native line ending */
                    continue;    /* fixme: this hack might be too simple */
 #endif
-               if( fp ) {
-                   if( putc( c, fp ) == EOF ) {
+               if( fp )
+                 {
+                   if(opt.max_output && (++count)>opt.max_output)
+                     {
+                       log_error("Error writing to `%s': %s\n",
+                                 fname,"exceeded --max-output limit\n");
+                       rc = G10ERR_WRITE_FILE;
+                       goto leave;
+                     }
+                   else if( putc( c, fp ) == EOF )
+                     {
                        log_error("Error writing to `%s': %s\n",
                                  fname, strerror(errno) );
                        rc = G10ERR_WRITE_FILE;
                        goto leave;
-                   }
-               }
+                     }
+                 }
            }
        }
        else { /* binary mode */
-           byte *buffer = m_alloc( 32768 );
+           byte *buffer = xmalloc( 32768 );
            while( pt->len ) {
                int len = pt->len > 32768 ? 32768 : pt->len;
                len = iobuf_read( pt->buf, buffer, len );
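Review bot: The limit message passes `"exceeded --max-output limit\n"` as the `%s` argument of a format that already ends in `\n`, so each hit logs a stray blank line. Drop the newline from the argument: `fname,"exceeded --max-output limit");`. The same call is repeated in the hunks at +221, +259, +295 and +322, and all five need the same change. The text-mode loop this check sits in begins before the hunk.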
@@ -180,23 +221,33 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
                    log_error("Problem reading source (%u bytes remaining)\n",
                              (unsigned)pt->len);
                    rc = G10ERR_READ_FILE;
-                   m_free( buffer );
+                   xfree( buffer );
                    goto leave;
                }
                if( mfx->md )
                    md_write( mfx->md, buffer, len );
-               if( fp ) {
-                   if( fwrite( buffer, 1, len, fp ) != len ) {
+               if( fp )
+                 {
+                   if(opt.max_output && (count+=len)>opt.max_output)
+                     {
+                       log_error("Error writing to `%s': %s\n",
+                                 fname,"exceeded --max-output limit\n");
+                       rc = G10ERR_WRITE_FILE;
+                       xfree( buffer );
+                       goto leave;
+                     }
+                   else if( fwrite( buffer, 1, len, fp ) != len )
+                     {
                        log_error("Error writing to `%s': %s\n",
                                  fname, strerror(errno) );
                        rc = G10ERR_WRITE_FILE;
-                       m_free( buffer );
+                       xfree( buffer );
                        goto leave;
-                   }
-               }
+                     }
+                 }
                pt->len -= len;
            }
-           m_free( buffer );
+           xfree( buffer );
        }
     }
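Review bot: When the `--max-output` check trips, the code frees the buffer and jumps to `leave` with everything written so far still in the output file, and the `leave` block shown later in this diff only closes fp. A caller that ignores the return code is left with a truncated plaintext file that looks like normal output. Either document that at the check, e.g. `/* Output written so far stays on disk; callers must treat G10ERR_WRITE_FILE as "file incomplete". */`, or remove the file on this path when fp is not stdout. The character-wise branches in the neighbouring hunks behave the same way.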
     else if( !clearsig ) {
@@ -208,18 +259,27 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
                if( convert && c == '\r' )
                    continue; /* fixme: this hack might be too simple */
 #endif
-               if( fp ) {
-                   if( putc( c, fp ) == EOF ) {
+               if( fp )
+                 {
+                   if(opt.max_output && (++count)>opt.max_output)
+                     {
+                       log_error("Error writing to `%s': %s\n",
+                                 fname,"exceeded --max-output limit\n");
+                       rc = G10ERR_WRITE_FILE;
+                       goto leave;
+                     }
+                   else if( putc( c, fp ) == EOF )
+                     {
                        log_error("Error writing to `%s': %s\n",
                                  fname, strerror(errno) );
                        rc = G10ERR_WRITE_FILE;
                        goto leave;
-                   }
-               }
+                     }
+                 }
            }
        }
        else { /* binary mode */
-           byte *buffer = m_alloc( 32768 );
+           byte *buffer = xmalloc( 32768 );
            int eof;
            for( eof=0; !eof; ) {
                /* Why do we check for len < 32768:
@@ -235,17 +295,26 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
                    eof = 1;
                if( mfx->md )
                    md_write( mfx->md, buffer, len );
-               if( fp ) {
-                   if( fwrite( buffer, 1, len, fp ) != len ) {
+               if( fp )
+                 {
+                   if(opt.max_output && (count+=len)>opt.max_output)
+                     {
                        log_error("Error writing to `%s': %s\n",
-                                 fname, strerror(errno) );
+                                 fname,"exceeded --max-output limit\n");
                        rc = G10ERR_WRITE_FILE;
-                       m_free( buffer );
+                       xfree( buffer );
                        goto leave;
+                     }
+                   else if( fwrite( buffer, 1, len, fp ) != len ) {
+                     log_error("Error writing to `%s': %s\n",
+                               fname, strerror(errno) );
+                     rc = G10ERR_WRITE_FILE;
+                     xfree( buffer );
+                     goto leave;
                    }
-               }
+                 }
            }
-           m_free( buffer );
+           xfree( buffer );
        }
        pt->buf = NULL;
     }
@@ -253,14 +322,23 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
        int state = 0;
 
        while( (c = iobuf_get(pt->buf)) != -1 ) {
-           if( fp ) {
-               if( putc( c, fp ) == EOF ) {
+           if( fp )
+             {
+               if(opt.max_output && (++count)>opt.max_output)
+                 {
                    log_error("Error writing to `%s': %s\n",
-                                               fname, strerror(errno) );
+                             fname,"exceeded --max-output limit\n");
                    rc = G10ERR_WRITE_FILE;
                    goto leave;
-               }
-           }
+                 }
+               else if( putc( c, fp ) == EOF )
+                 {
+                   log_error("Error writing to `%s': %s\n",
+                             fname, strerror(errno) );
+                   rc = G10ERR_WRITE_FILE;
+                   goto leave;
+                 }
+             }
            if( !mfx->md )
                continue;
            if( state == 2 ) {
@@ -304,7 +382,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
   leave:
     if( fp && fp != stdout )
        fclose(fp);
-    m_free(fname);
+    xfree(fname);
     return rc;
 }
 
@@ -368,24 +446,33 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
        int any=0;
        tty_printf(_("Detached signature.\n"));
        do {
-           m_free(answer);
+           xfree(answer);
+           tty_enable_completion(NULL);
            answer = cpr_get("detached_signature.filename",
                           _("Please enter name of data file: "));
+           tty_disable_completion();
            cpr_kill_prompt();
            if( any && !*answer ) {
                rc = G10ERR_READ_FILE;
                goto leave;
            }
            fp = iobuf_open(answer);
+            if (fp && is_secured_file (iobuf_get_fd (fp)))
+              {
+                iobuf_close (fp);
+                fp = NULL;
+                errno = EPERM;
+              }
            if( !fp && errno == ENOENT ) {
                tty_printf("No such file, try again or hit enter to quit.\n");
                any++;
            }
-           else if( !fp ) {
-               log_error("can't open `%s': %s\n", answer, strerror(errno) );
+           else if( !fp )
+             {
+               log_error(_("can't open `%s': %s\n"), answer, strerror(errno));
                rc = G10ERR_READ_FILE;
                goto leave;
-           }
+             }
        } while( !fp );
     }
 
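Review bot: The secured-file test added after `iobuf_open(answer)` has no comment saying why it is made on the opened descriptor or why errno is forced to EPERM. A line such as `/* Test the opened descriptor so the check applies to the file actually opened; report a refusal as EPERM. */` above the `if` would help, assuming that is what is_secured_file does (its body is not on this page). The identical six lines are added to hash_datafiles in the hunk at +519, so a small static helper shared by both would keep the two copies from drifting apart. ask_for_detached_datafile begins before this hunk.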
@@ -399,7 +486,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
     iobuf_close(fp);
 
   leave:
-    m_free(answer);
+    xfree(answer);
     return rc;
 }
 
@@ -432,6 +519,12 @@ hash_datafiles( MD_HANDLE md, MD_HANDLE md2, STRLIST files,
 
     for (sl=files; sl; sl = sl->next ) {
        fp = iobuf_open( sl->d );
+        if (fp && is_secured_file (iobuf_get_fd (fp)))
+          {
+            iobuf_close (fp);
+            fp = NULL;
+            errno = EPERM;
+          }
        if( !fp ) {
            log_error(_("can't open signed data `%s'\n"),
                                                print_fname_stdin(sl->d));
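Review bot: The `errno = EPERM` set when a secured file is refused never reaches the user here, because the `log_error` that follows prints only the file name. A refused file and a missing file therefore produce the same message, unlike in ask_for_detached_datafile, where the error text includes `strerror(errno)`. Extend the format with `: %s` and pass `strerror(errno)` as a second argument, saving errno in a local first if print_fname_stdin can change it. The loop body continues outside the hunk.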