From 82574e20c5cc1089bb231603c0d48374aa7e1239 Mon Sep 17 00:00:00 2001
From: Ben Kibbey <bjk@luxsci.net>
Date: Tue, 9 Sep 2014 22:12:19 -0400
Subject: [PATCH] Check permissions before STORE of element content.

Only the owner may STORE element content.
---
 src/commands.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/commands.c b/src/commands.c
index ef6285ab..877d6153 100644
--- a/src/commands.c
+++ b/src/commands.c
@@ -1249,13 +1249,20 @@ again:
 
   if (!rc && len > 1)
     {
-      n = find_text_node (parent->children);
-      if (n)
-	xmlNodeSetContent (n, (xmlChar *) content);
-      else
-	xmlNodeAddContent (parent, (xmlChar *) content);
+      rc = peer_is_self (client);
+      if (rc == GPG_ERR_EPERM)
+        rc = is_element_owner (client, parent);
 
-      update_element_mtime (parent);
+      if (!rc)
+        {
+          n = find_text_node (parent->children);
+          if (n)
+            xmlNodeSetContent (n, (xmlChar *) content);
+          else
+            xmlNodeAddContent (parent, (xmlChar *) content);
+
+          update_element_mtime (parent);
+        }
     }
 
   xfree (content);
-- 
2.11.4.GIT