| author | Junio C Hamano <gitster@pobox.com> | 2021-11-03 13:32:28 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-11-03 13:32:28 -0700 |
| commit | e890c845b844864c0bd934e057b92bbeee40cb5b (patch) | |
| tree | e281fbf129468882d0b824b161f581e847762af8 | |
| parent | 0cddd84c9f3e9c3d793ec93034ef679335f35e49 (diff) | |
| parent | 65db97b4fa6b03059f2f14f313e07ca799d4ef3f (diff) | |
| download | git-e890c845b844864c0bd934e057b92bbeee40cb5b.tar.gz | |
Merge branch 'rs/ssh-signing-fix'
Fixes to recently merged topic.
* rs/ssh-signing-fix:
gpg-interface: avoid buffer overrun in parse_ssh_output()
gpg-interface: handle missing " with " gracefully in parse_ssh_output()
| -rw-r--r-- | gpg-interface.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/gpg-interface.c b/gpg-interface.c index 800d8caa67..3838536f0a 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -387,10 +387,6 @@ static void parse_ssh_output(struct signature_check *sigc) line = to_free = xmemdupz(sigc->output, strcspn(sigc->output, "\n")); if (skip_prefix(line, "Good \"git\" signature for ", &line)) { - /* Valid signature and known principal */ - sigc->result = 'G'; - sigc->trust_level = TRUST_FULLY; - /* Search for the last "with" to get the full principal */ principal = line; do { @@ -398,6 +394,12 @@ static void parse_ssh_output(struct signature_check *sigc) if (search) line = search + 1; } while (search != NULL); + if (line == principal) + goto cleanup; + + /* Valid signature and known principal */ + sigc->result = 'G'; + sigc->trust_level = TRUST_FULLY; sigc->signer = xmemdupz(principal, line - principal - 1); } else if (skip_prefix(line, "Good \"git\" signature with ", &line)) { /* Valid signature, but key unknown */ @@ -407,9 +409,9 @@ static void parse_ssh_output(struct signature_check *sigc) goto cleanup; } - key = strstr(line, "key"); + key = strstr(line, "key "); if (key) { - sigc->fingerprint = xstrdup(strstr(line, "key") + 4); + sigc->fingerprint = xstrdup(strstr(line, "key ") + 4); sigc->key = xstrdup(sigc->fingerprint); } else { /* |
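Review bot: In the second hunk (`@@ -398,6 +394,12 @@`) the new guard `if (line == principal) goto cleanup;` has no comment, and its safety depends on `sigc->result` already holding a failing value when it jumps, which is set outside the hunk. I would add `/* no " with " separator: malformed output, leave the verdict untouched */` above it, so a later edit does not move the 'G'/TRUST_FULLY assignment back ahead of the parse. The guard also rejects only a missing separator: if the loop's search can match at the very start of the principal, `line - principal - 1` is 0 and an empty signer is accepted as fully trusted. Whether ssh-keygen can emit such a line is not visible here, so `if (line <= principal + 1)` is worth considering. parse_ssh_output() starts and ends outside the hunk.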
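Review bot: In the last hunk (`@@ -407,9 +409,9 @@`) the fingerprint line searches for "key " a second time although `key` already holds that result, so the literal and the `+ 4` offset must be kept in step by hand in two places. The removed lines show how that goes wrong: a three-character literal paired with `+ 4`. I would reuse the pointer that was just tested: `sigc->fingerprint = xstrdup(key + 4);`. A line that ends right after "key " still passes `if (key)` and yields an empty fingerprint and key; if the verdict set earlier is kept in that branch, requiring `key[4] != '\0'` before accepting would close that case. The function body continues outside the hunk.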
