diff options
author | Joey Hess <joeyh@joeyh.name> | 2017-05-04 18:51:36 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-05-04 18:58:31 -0400 |
commit | 699687f503c63541a6e28501fa5f523b89c1915b (patch) | |
tree | f74fd9da7533b744d33bae9a714403d985047fad /Verify.hs | |
parent | e8f408e6456ac445c53fe50594ee0effc136f86c (diff) | |
download | debug-me-699687f503c63541a6e28501fa5f523b89c1915b.tar.gz |
sanitize gpg output and chat messages
Just in case, only allow printable characters in this, not control
characters.
Diffstat (limited to 'Verify.hs')
-rw-r--r-- | Verify.hs | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -12,9 +12,11 @@ import Crypto import Gpg import Hash import PrevActivity +import Output import Control.Concurrent.STM import Data.Maybe +import Data.ByteString.UTF8 (toString) verify :: VerifyOpts -> IO () verify opts = go 1 startState =<< streamLog (verifyLogFile opts) @@ -66,7 +68,8 @@ mkRecentActivity st = return (sigVerifier st, prevHashes st) addSessionKey :: Integer -> PerhapsSigned PublicKey -> State -> IO State addSessionKey lineno p@(GpgSigned pk _ _) st = do - mkid <- gpgVerify p + (mkid, gpgoutput) <- gpgVerify p + putStr $ unlines $ map sanitizeForDisplay $ lines $ toString gpgoutput case mkid of Nothing -> lineError lineno "Bad GnuPG signature." Just _ -> do |