[gnome-keyring] gpg-agent: Encode passwords when --data was requested

[Stefan Walter <stefw src gnome org>]

commit d31a26df7ce8d9c084b9c66fe00458683dde9864
Author: Stef Walter <stefw gnome org>
Date:   Thu Jun 28 15:51:54 2012 +0200

    gpg-agent: Encode passwords when --data was requested
    
     * Use URI encoding to return passwords when gnupg calls us with
       a --data argument.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=678771

 daemon/gpg-agent/gkd-gpg-agent-ops.c |   41 ++++++++++++++++++++++++++++++---
 1 files changed, 37 insertions(+), 4 deletions(-)
---
diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c
index be6c4d3..a1a21ff 100644
--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c
+++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c
@@ -632,11 +632,12 @@ command_has_option (gchar *command, gchar *option)
 	return has_option;
 }
 
+static const char HEXC[] = "0123456789abcdef";
+
 /* Encode a password in hex */
 static gchar*
-encode_password (const gchar *pass)
+hex_encode_password (const gchar *pass)
 {
-	static const char HEXC[] = "0123456789abcdef";
 	int j, c;
 	gchar *enc, *k;
 
@@ -656,6 +657,36 @@ encode_password (const gchar *pass)
 	return enc;
 }
 
+static gchar*
+uri_encode_password (const gchar *value)
+{
+	gchar *p;
+	gchar *result;
+
+	/* Just allocate for worst case */
+	result = egg_secure_alloc ((strlen (value) * 3) + 1);
+
+	/* Now loop through looking for escapes */
+	p = result;
+	while (*value) {
+
+		/* These characters we let through verbatim */
+		if (*value && (g_ascii_isalnum (*value) || strchr ("_-.", *value) != NULL)) {
+			*(p++) = *(value++);
+
+		/* All others get encoded */
+		} else {
+			*(p++) = '%';
+			*(p++) = HEXC[((unsigned char)*value) >> 4];
+			*(p++) = HEXC[((unsigned char)*value) & 0x0F];
+			++value;
+		}
+	}
+
+	*p = 0;
+	return result;
+}
+
 /* ----------------------------------------------------------------------------------
  * OPERATIONS
  */
@@ -737,10 +768,12 @@ gkd_gpg_agent_ops_getpass (GkdGpgAgentCall *call, gchar *args)
 	if (password == NULL) {
 		gkd_gpg_agent_send_reply (call, FALSE, "111 cancelled");
 	} else if (flags & GKD_GPG_AGENT_PASS_AS_DATA) {
-		gkd_gpg_agent_send_data (call, password);
+		encoded = uri_encode_password (password);
+		gkd_gpg_agent_send_data (call, encoded);
 		gkd_gpg_agent_send_reply (call, TRUE, NULL);
+		egg_secure_strfree (encoded);
 	} else {
-		encoded = encode_password (password);
+		encoded = hex_encode_password (password);
 		gkd_gpg_agent_send_reply (call, TRUE, encoded);
 		egg_secure_strfree (encoded);
 	}