From 2a5550b7a13ce627ed0e40ab9582478ab5c9b809 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 25 May 2022 16:33:33 +0900
Subject: client: Handle inquiry from server with CONFIDENTIAL.

* src/assuan-defs.h (struct assuan_context_s): Add new flags,
in_inq_cb and confidential_inquiry.
* src/client.c (assuan_transact): Use the new flags to wipe the
outbound buffer for inquiry when CONFIDENTIAL.
* src/context.c (assuan_set_flag): When ASSUAN_CONFIDENTIAL is set in
inquire callback, set the confidential_inquiry flag.

--

GnuPG-bug-id: 5977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 src/assuan-defs.h |  6 ++++--
 src/client.c      | 10 ++++++++++
 src/context.c     |  2 ++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/assuan-defs.h b/src/assuan-defs.h
index b9a0e8b..37a50af 100644
--- a/src/assuan-defs.h
+++ b/src/assuan-defs.h
@@ -98,11 +98,13 @@ struct assuan_context_s
     unsigned int force_close : 1;
     /* From here, we have internal flags, not defined by assuan_flag_t.  */
     unsigned int is_socket : 1;
-    unsigned int is_server : 1;	/* Set if this is context belongs to a server */
-    unsigned int in_inquire : 1;
+    unsigned int is_server : 1; /* Set if this is context belongs to a server */
+    unsigned int in_inquire : 1; /* Server: inside assuan_inquire */
     unsigned int in_process_next : 1;
     unsigned int process_complete : 1;
     unsigned int in_command : 1;
+    unsigned int in_inq_cb : 1; /* Client: inquire callback is active */
+    unsigned int confidential_inquiry : 1; /* Client: inquiry is confidential */
   } flags;
 
   /* If set, this is called right before logging an I/O line.  */
diff --git a/src/client.c b/src/client.c
index 24bf396..e0759f6 100644
--- a/src/client.c
+++ b/src/client.c
@@ -291,6 +291,9 @@ assuan_transact (assuan_context_t ctx,
         }
       else
         {
+          ctx->flags.confidential_inquiry = 0;
+          ctx->flags.in_inq_cb = 1;
+
           rc = inquire_cb (inquire_cb_arg, line);
           if (!rc)
             rc = assuan_send_data (ctx, NULL, 0); /* flush and send END */
@@ -303,6 +306,13 @@ assuan_transact (assuan_context_t ctx,
               assuan_send_data (ctx, NULL, 1);
               _assuan_read_from_server (ctx, &response, &off, 0);
             }
+
+          if (ctx->flags.confidential_inquiry)
+            wipememory (ctx->outbound.data.line, LINELENGTH);
+
+          ctx->flags.confidential_inquiry = 0;
+          ctx->flags.in_inq_cb = 0;
+
           if (!rc)
             goto again;
         }
diff --git a/src/context.c b/src/context.c
index 82166bb..dd89de9 100644
--- a/src/context.c
+++ b/src/context.c
@@ -76,6 +76,8 @@ assuan_set_flag (assuan_context_t ctx, assuan_flag_t flag, int value)
 
     case ASSUAN_CONFIDENTIAL:
       ctx->flags.confidential = value;
+      if (ctx->flags.in_inq_cb && value)
+        ctx->flags.confidential_inquiry = value;
       break;
 
     case ASSUAN_NO_FIXSIGNALS:
-- 
cgit v1.2.1