Fix unsanitised user input vulnerability in GPG.recv_keys().

* Add wrapping of user inputs `keyids` and `keyserver` in calls to _fix_unsafe(). * Apologies for the hairy ''.join([(lambda: x)() for x in keyids]), sort of. Common Lisp was my first language and this is totally readable and natural to me, and all the rest of you haters just need to get better at functional programming.
2013-03-06 21:47:34 +00:00 · 2013-03-06 21:47:34 +00:00 · c483a509f3
parent f1a3ce9813
commit c483a509f3
1 changed files with 11 additions and 4 deletions
--- a/gnupg.py
+++ b/gnupg.py
@ -1241,15 +1241,22 @@ class GPG(object):
        >>> assert result

        """
+        safe_keyserver = _fix_unsafe(keyserver)
+
        result = self.result_map['import'](self)
-        logger.debug('recv_keys: %r', keyids)
        data = _make_binary_stream("", self.encoding)
-        #data = ""
        args = ['--keyserver', keyserver, '--recv-keys']
-        args.extend(keyids)
+
+        if keyids:
+            if keyids is not None:
+                safe_keyids = ' '.join(
+                    [(lambda: _fix_unsafe(k))() for k in keyids])
+                logger.debug('recv_keys: %r', safe_keyids)
+                args.extend(safe_keyids)
+
        self._handle_io(args, data, result, binary=True)
-        logger.debug('recv_keys result: %r', result.__dict__)
        data.close()
+        logger.debug('recv_keys result: %r', result.__dict__)
        return result

    def delete_keys(self, fingerprints, secret=False):