From: Hans Jerry Illikainen <hji@dyntopia.com>
To: git@vger.kernel.org
Cc: Hans Jerry Illikainen <hji@dyntopia.com>
Subject: [PATCH 1/1] gpg-interface: limit search for primary key fingerprint
Date: Sat, 16 Nov 2019 18:06:55 +0000
Message-ID: <20191116180655.10988-2-hji@dyntopia.com>
In-Reply-To: <20191116180655.10988-1-hji@dyntopia.com>

The VALIDSIG status line from GnuPG with --status-fd has a field that
specifies the fingerprint of the primary key that made the signature.
However, that field is only available for OpenPGP signatures; not for
CMS/X.509.

An unbounded search for a non-existent primary key fingerprint for X509
signatures results in the following status line being interpreted as the
fingerprint.

Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com>
---
gpg-interface.c | 20 +++++++++++++++-----
t/t4202-log.sh | 6 ++++++
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index d60115ca40..01c7ef42d4 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -148,21 +148,31 @@ static void parse_gpg_output(struct signature_check *sigc)
}
/* Do we have fingerprint? */
if (sigcheck_gpg_status[i].flags & GPG_STATUS_FINGERPRINT) {
+ const char *limit;
+
next = strchrnul(line, ' ');
free(sigc->fingerprint);
sigc->fingerprint = xmemdupz(line, next - line);
- /* Skip interim fields */
+ /* Skip interim fields. The search is
+ * limited to the same line since only
+ * OpenPGP signatures has a field with
+ * the primary fingerprint. */
+ limit = strchrnul(line, '\n');
for (j = 9; j > 0; j--) {
- if (!*next)
+ if (!*next || next >= limit)
break;
line = next + 1;
next = strchrnul(line, ' ');
}
- next = strchrnul(line, '\n');
- free(sigc->primary_key_fingerprint);
- sigc->primary_key_fingerprint = xmemdupz(line, next - line);
+ if (j == 0) {
+ next = strchrnul(line, '\n');
+ free(sigc->primary_key_fingerprint);
+ sigc->primary_key_fingerprint =
+ xmemdupz(line,
+ next - line);
+ }
}
break;
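Review bot: In the new `if (j == 0)` block, `free(sigc->primary_key_fingerprint)` now runs only when the primary-key field is present, so for a VALIDSIG line without it (the X.509 case) any value already held in `sigc->primary_key_fingerprint` is kept rather than cleared. Consider clearing it unconditionally before the loop, for example with `FREE_AND_NULL(sigc->primary_key_fingerprint);`, and assigning only inside the `j == 0` branch. The first `next = strchrnul(line, ' ')` also runs before `limit` is computed, so the search for the end of the signing-key fingerprint is still not bounded to the line; computing `limit` first would let both searches use it. Style: the new multi-line comment should open with `/*` on its own line, and "signatures has" should read "signatures have".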
diff --git a/t/t4202-log.sh b/t/t4202-log.sh
index e803ba402e..5d893b3137 100755
--- a/t/t4202-log.sh
+++ b/t/t4202-log.sh
@@ -1580,6 +1580,12 @@ test_expect_success GPGSM 'setup signed branch x509' '
git commit -S -m signed_commit
'
+test_expect_success GPGSM 'log x509 fingerprint' '
+ echo "F8BF62E0693D0694816377099909C779FA23FD65 | " >expect &&
+ git log -n1 --format="%GF | %GP" signed-x509 >actual &&
+ test_cmp expect actual
+'
+
test_expect_success GPG 'log --graph --show-signature' '
git log --graph --show-signature -n1 signed >actual &&
grep "^| gpg: Signature made" actual &&
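Review bot: The added 'log x509 fingerprint' test only asserts that `%GP` is empty for an X.509 signature; nothing in this hunk checks that `%GP` is still filled in for an OpenPGP signature now that the assignment is guarded by `j == 0`. A companion check under the GPG prerequisite, using the same `--format="%GF | %GP"` against the `signed` branch, would cover that path. The expected line also depends on the trailing space after `|`, which is easy to lose when editing; a format that closes the field, such as `"%GF | %GP |"`, would make the empty value explicit.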
--
2.24.0.156.g69483321b9.dirty