Insert the end-of-options marker before operation arguments.
This marker stops the parsing of additional options during external
calls to GPG. Parsing such additional options is unintended; its security
impact depends on the environment and the GPG version in use.
thomas-chauchefoin-sonarsource authored and alecpl committed Feb 10, 2022
1 parent 44b6f70 commit 74c8f98
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions Crypt/GPG.php
@@ -427,7 +427,7 @@ public function deletePublicKey($keyId)
);
}

$operation = '--delete-key ' . escapeshellarg($fingerprint);
$operation = '--delete-key -- ' . escapeshellarg($fingerprint);
$arguments = array(
'--batch',
'--yes'
@@ -474,7 +474,7 @@ public function deletePrivateKey($keyId)
);
}

$operation = '--delete-secret-key ' . escapeshellarg($fingerprint);
$operation = '--delete-secret-key -- ' . escapeshellarg($fingerprint);
$arguments = array(
'--batch',
'--yes'
@@ -546,7 +546,7 @@ public function getKeys($keyId = '')
public function getFingerprint($keyId, $format = self::FORMAT_NONE)
{
$output = '';
$operation = '--list-keys ' . escapeshellarg($keyId);
$operation = '--list-keys -- ' . escapeshellarg($keyId);
$arguments = array(
'--with-colons',
'--with-fingerprint'
@@ -1464,7 +1464,7 @@ protected function _exportKey($keyId, $armor = true, $private = false)

$keyData = '';
$operation = $private ? '--export-secret-keys' : '--export';
$operation .= ' ' . escapeshellarg($fingerprint);
$operation .= ' -- ' . escapeshellarg($fingerprint);
$arguments = $armor ? array('--armor') : array();

$this->engine->reset();
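Review bot: The `-- ` marker is hand-typed into each operation string in this file (`deletePublicKey`, `deletePrivateKey`, `getFingerprint`, `_exportKey`), so a later operation that takes a key identifier can omit it without anything failing. Building the operand in one helper that returns `' -- ' . escapeshellarg($value)` would keep the call sites uniform; a comment there should say that `escapeshellarg()` only quotes for the shell, while `--` is what keeps gpg from reading a value that starts with `-` as an option. The marker also makes argument order matter: `$arguments` (`--batch`, `--yes`, `--armor`) must reach the command line before `$operation`, and how the engine joins them is not visible in these hunks, so that is worth confirming. All four functions begin or end outside their hunks.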
4 changes: 2 additions & 2 deletions Crypt/GPGAbstract.php
@@ -334,7 +334,7 @@ protected function _getKeys($keyId = '')
if ($keyId == '') {
$operation = '--list-secret-keys';
} else {
$operation = '--utf8-strings --list-secret-keys ' . escapeshellarg($keyId);
$operation = '--utf8-strings --list-secret-keys -- ' . escapeshellarg($keyId);
}

// According to The file 'doc/DETAILS' in the GnuPG distribution, using
@@ -366,7 +366,7 @@ protected function _getKeys($keyId = '')
if ($keyId == '') {
$operation = '--list-public-keys';
} else {
$operation = '--utf8-strings --list-public-keys ' . escapeshellarg($keyId);
$operation = '--utf8-strings --list-public-keys -- ' . escapeshellarg($keyId);
}

$output = '';
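Review bot: No test accompanies the two `_getKeys` changes: the diffstat lists only `Crypt/GPG.php` and `Crypt/GPGAbstract.php`. A regression test that passes a constructed key identifier beginning with `-` and asserts it is handled as a search pattern rather than as an option would pin the behaviour the commit message describes, for these two branches and for the call sites in `Crypt/GPG.php`. The two `else` branches now differ only in `--list-secret-keys` versus `--list-public-keys`, so a short comment on the first, such as `// "--" ends gpg option parsing; $keyId is always an operand`, would explain the marker to the next reader. `_getKeys` starts and ends outside both hunks.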
