[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#16029: closed (24.3.50; epa-file.el: decrypted con

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#16029: closed (24.3.50; epa-file.el: decrypted contents get inserted into the wrong buffer)
Date: Mon, 02 Dec 2013 18:57:02 +0000

Your message dated Mon, 02 Dec 2013 13:56:40 -0500
with message-id <address@hidden>
and subject line Re: bug#16029: 24.3.50; epa-file.el: decrypted contents get 
inserted into the wrong buffer
has caused the debbugs.gnu.org bug report #16029,
regarding 24.3.50; epa-file.el: decrypted contents get inserted into the wrong 
to be marked as done.

(If you believe you have received this mail in error, please contact

16029: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16029
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: 24.3.50; epa-file.el: decrypted contents get inserted into the wrong buffer Date: Mon, 02 Dec 2013 22:26:04 +0600

it's a race condition while opening a file using epa-file.el to decrypt
its contents on the fly, and something else closing the buffer.

i have a timed function that auto-closes *.gpg buffers after a given
time of inactivity:


the following simplified version can be used to reproduce the issue:

(defun %kill-gpg-buffers ()
  ;; automatically delete *.gpg buffers
  (dolist (buffer (copy-list (buffer-list)))
    (with-current-buffer buffer
      (when (and (string-match ".*\.gpg$" (buffer-name))
                 ;; a sloppy workaround: (> (buffer-size) 0)
        (message "Auto-killing .gpg buffer '%s'" (buffer-name buffer))
        (kill-buffer buffer)))))

(run-with-timer 0.1 0.1 '%kill-gpg-buffers)
;; (cancel-function-timers '%kill-gpg-buffers)

note that gpg-agent can introduce a long delay when asking the user for
the key password, which significantly raises the probability of
triggering this (i managed to save decrypted content into files where i
shouldn't have).

a possible fix is to add a check to the right place that ensures that
the current-buffer has not changed. i've experimented with this and that
in epa-file-insert-file-contents, but my emacs background knowledge is
too limited to efficiently deal with this security hole.

if it'll be rejected as a wontfix, then please advise how to implement
the autoclosing feature.

thank you for your time,

• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
“Once the fabric of a just society is undone, it takes generations to weave it 
back together.”
        — Deepak Chopra

In GNU Emacs (x86_64-pc-linux-gnu, GTK+ Version 3.4.2)
 of 2013-04-20 on dex, modified by Debian
 (emacs-snapshot package, version 2:20130420-1)
Windowing system distributor `The X.Org Foundation', version 11.0.11204000
System Description:     Debian GNU/Linux 7.2 (wheezy)

Configured using:
 `configure --build x86_64-linux-gnu --host x86_64-linux-gnu
 --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var --infodir=/usr/share/info --mandir=/usr/share/man
 --without-compress-info --with-crt-dir=/usr/lib/x86_64-linux-gnu/
 --with-x=yes --with-x-toolkit=gtk3 --with-imagemagick=yes

Important settings:
  value of $LANG: en_US.utf8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Lisp

Minor modes in effect:
  eldoc-mode: t
  nxhtml-menu-mode: t
  nxhtml-tag-do-also: t
  popcmp-group-alternatives: t
  popcmp-short-help-beside-alts: t
  mlinks-active-links: t
  rngalt-minimal-validation-header: t
  rngalt-display-validation-header: t
  global-edit-server-edit-mode: t
  delete-selection-mode: t
  ido-everywhere: t
  show-paren-mode: t
  slime-mode: t
  global-whitespace-mode: t
  shell-dirtrack-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
<right> <right> <down> <down> <right> <down> <right> 
<right> C-M-. <down> <right> <right> <right> <right> 
<right> <right> <right> <right> <M-up> C-q <down> <right> 
<right> <right> <right> <right> <right> <right> <right> 
M-k <up> <up> <up> <up> <up> <up> <up> <right> <S-down> 
<S-down> <S-down> <S-down> <S-down> <S-down> <S-down> 
<S-down> <S-down> <S-left> C-, C-M-/ C-. <return> <C-tab> 
C-x C-s C-M-b <down> <return> C-h C-x C-s <C-tab> <up> 
<C-tab> <C-tab> <down> <up> <C-tab> <up> C-f <backspace> 
n o <return> a c c o u <return> <up> <up> <up> <up> 
<up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> 
<up> <down> <down> <down> <down> <down> <down> <down> 
<down> C-M-b <down> <right> <right> <right> <right> 
<right> <right> <right> <right> <return> <next> <next> 
<next> <next> <next> <next> <next> <next> <next> <next> 
<next> <next> <next> <next> <next> <next> <next> <next> 
<next> <next> <next> <next> <next> <next> <next> <next> 
<next> <next> <next> <next> <next> <next> <next> <next> 
<next> <next> <next> <next> <next> <next> <next> <next> 
<next> <next> <next> <next> <next> <next> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<prior> <prior> <prior> <prior> <prior> <prior> <prior> 
<up> <up> <up> <up> <up> <up> <up> <up> <up> <up> <up> 
<up> <C-tab> <down> <down> <down> <down> <up> <down> 
<down> <down> <down> <down> <right> <right> <right> 
<right> <right> <right> <right> <right> <right> <right> 
<right> <right> <right> <right> <right> <right> <right> 
<right> <up> <left> <right> <down> <left> <M-right> 
<return> <up> ; ; SPC t h i <backspace> <backspace> 
<backspace> M-x r e p o r t - e m a c s <return>

Recent messages:
Mark set
Saving file /home/alendvai/.emacs.d/init.el...
Wrote /home/alendvai/.emacs.d/init.el
Decrypting /home/alendvai/notes/accounts.txt.gpg...done
Auto-killing .gpg buffer 'accounts.txt.gpg'
scroll-down-command: Beginning of buffer [17 times]
call-interactively: Text is read-only
delete-backward-char: Text is read-only
call-interactively: End of buffer [12 times]

Load-path shadows:
/home/alendvai/workspace/hu.dwim.environment/emacs/htmlize hides 
/usr/share/emacs/24.3.50/site-lisp/debian-startup hides 
/usr/share/emacs/24.3.50/site-lisp/cmake-data/cmake-mode hides 
/home/alendvai/workspace/hu.dwim.environment/emacs/nxhtml/tests/ert hides 

(shadow sort mail-extr emacsbug cc-langs cc-mode-expansions cc-mode
cc-fonts cc-guess cc-menus cc-styles cc-align dired-aux conf-mode eldoc
edit-server-htmlize etags css-mode-expansions css-mode nxml-uchnm
rng-xsd xsd-regexp rng-cmpct mule-util arc-mode archive-mode tramp-cache
misearch multi-isearch debug nxhtml-autostart nxhtml-autoload moz
cc-cmds majmodpri nxhtml-menu udev-rinari udev-ecb udev flymake-js
flymake css-color nxhtml-mode html-quote tidy-xhtml ediff-merg
ediff-diff ediff-wind ediff-help ediff-util ediff-mult ediff-init ediff
html-imenu imenu loadhist popcmp xhtml-help mlinks html-toc xml fupd
html-pagetoc foldit appmenu-fold appmenu mumamo sgml-mode rngalt desktop
cc-engine cc-vars cc-defs help-mode flyspell ispell fold-dwim hideshow
html-upl html-site ourcomments-util uniquify recentf tree-widget
the-org-mode-expansions org ob-tangle ob-ref ob-lob ob-table
org-footnote org-src ob-comint ob-keys org-pcomplete org-list org-faces
org-entities noutline outline org-version ob-emacs-lisp ob org-compat
org-macs ob-eval org-loaddefs find-func cal-menu calendar cal-loaddefs
bookmark apropos grep ffip compile gimpedit web-vcs rx url-http tls url
url-proxy url-privacy url-expand url-methods url-history url-auth
url-cookie url-domsuf url-util url-parse url-gw url-vars cus-edit
web-autoload nxhtml-base lua-mode epa-file mu4e mu4e-speedbar speedbar
sb-image ezimage dframe mu4e-main mu4e-view epa epg mu4e-headers
mu4e-compose mu4e-draft mu4e-actions rfc2368 smtpmail sendmail mu4e-mark
mu4e-message html2text mu4e-proc mu4e-utils doc-view jka-compr
image-mode mu4e-lists mu4e-about mu4e-vars hl-line mu4e-meta
expand-region text-mode-expansions nxml-mode-expansions
html-mode-expansions er-basic-expansions expand-region-custom
expand-region-core edit-server dwim-key-bindings dwim-init delsel
slime-sprof slime-tramp slime-fancy slime-fontifying-fu slime-package-fu
slime-scratch slime-fuzzy slime-fancy-trace slime-fancy-inspector
slime-presentations slime-c-p-c slime-editing-commands slime-autodoc
slime-parse slime-sbcl-exts slime-references slime-asdf slime-repl elp
ido paren cus-start cus-load smooth-scrolling warnings scheme slime
hyperspec thingatpt browse-url saveplace findr swbuff hu.dwim.logger
hu.dwim.syntax-sugar hu.dwim.quasi-quote paredit edmacro kmacro
hu.dwim.def goto-last-change whitespace rng-nxml rng-valid rng-loc
rng-uri rng-parse nxml-parse rng-match rng-dt rng-util rng-pttrn nxml-ns
nxml-mode nxml-outln nxml-rap nxml-util nxml-glyph nxml-enc xmltok tramp
tramp-compat auth-source eieio byte-opt bytecomp byte-compile cconv
tramp-loaddefs trampver shell pcomplete advice dired ielm pp comint
ansi-color ring redo darcsum gnus-fun gnus-art mm-uu mml2015 epg-config
mm-view mml-smime smime password-cache dig mailcap gnus-sum nnoo
gnus-group gnus-undo nnmail mail-source gnus-start gnus-spec gnus-int
gnus-range message format-spec rfc822 mml mml-sec mm-decode mm-bodies
mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev
gmm-utils mailheader gnus-win gnus gnus-ems nnheader gnus-util
mail-utils mm-util mail-prsvr wid-edit easymenu derived add-log
dwim-util help-fns cl-macs gv cl nadvice cl-lib magit-install
emacs-goodies-el emacs-goodies-custom emacs-goodies-loaddefs easy-mmode
time-date tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd
tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment
lisp-mode register page menu-bar rfn-eshadow timer select scroll-bar
mouse jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
minibuffer loaddefs button faces cus-face macroexp files text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process dbusbind inotify
dynamic-setting system-font-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty emacs)
<#secure method=pgpmime mode=sign>

--- End Message ---
--- Begin Message --- Subject: Re: bug#16029: 24.3.50; epa-file.el: decrypted contents get inserted into the wrong buffer Date: Mon, 02 Dec 2013 13:56:40 -0500 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
> it's a race condition while opening a file using epa-file.el to decrypt
> its contents on the fly, and something else closing the buffer.

Indeed, epg-decrypt-file runs filters and timers, so "anything can
happen".  I installed the patch below to try and address this problem,


=== modified file 'lisp/epa-file.el'
--- lisp/epa-file.el    2013-10-28 08:04:48 +0000
+++ lisp/epa-file.el    2013-12-02 18:51:23 +0000
@@ -132,6 +132,7 @@
         (local-file (or local-copy file))
         (context (epg-make-context))
+         (buf (current-buffer))
         string length entry)
     (if visit
        (setq buffer-file-name file))
@@ -157,9 +158,10 @@
                         nil t))
             (signal 'file-error
                     (cons "Opening input file" (cdr error)))))
-         (make-local-variable 'epa-file-encrypt-to)
-         (setq epa-file-encrypt-to
-               (mapcar #'car (epg-context-result-for context 'encrypted-to)))
+          (set-buffer buf) ;In case timer/filter changed/killed it (bug#16029)!
+         (setq-local epa-file-encrypt-to
+                      (mapcar #'car (epg-context-result-for
+                                     context 'encrypted-to)))
          (if (or beg end)
              (setq string (substring string (or beg 0) end)))

--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]