diff options
| author |  René Scharfe <l.s.r@web.de> | 2021-10-30 19:04:56 +0200 |
|---|---|---|
| committer |  Junio C Hamano <gitster@pobox.com> | 2021-11-01 17:00:41 -0700 |
| commit | 18b18503e3b3721e0a513cbc83971a960e944c19 (patch) | |
| tree | 9e42c9bec86dfb51d5c58e2c686b15c9318894ae | |
| parent | Git 2.34-rc0 (diff) | |
| download | tgif-18b18503e3b3721e0a513cbc83971a960e944c19.tar.xz | |
gpg-interface: handle missing " with " gracefully in parse_ssh_output()
If the output of ssh-keygen starts with "Good \"git\" signature for ",
but is not followed by " with " for some reason, then parse_ssh_output()
uses -1 as the len parameter of xmemdupz(), which in turn will end the
program. Reject the signature and carry on instead in that case.
Signed-off-by: René Scharfe <l.s.r@web.de>
Acked-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | gpg-interface.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/gpg-interface.c b/gpg-interface.c index 800d8caa67..62d340e78a 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -387,10 +387,6 @@ static void parse_ssh_output(struct signature_check *sigc) line = to_free = xmemdupz(sigc->output, strcspn(sigc->output, "\n")); if (skip_prefix(line, "Good \"git\" signature for ", &line)) { - /* Valid signature and known principal */ - sigc->result = 'G'; - sigc->trust_level = TRUST_FULLY; - /* Search for the last "with" to get the full principal */ principal = line; do { @@ -398,6 +394,12 @@ static void parse_ssh_output(struct signature_check *sigc) if (search) line = search + 1; } while (search != NULL); + if (line == principal) + goto cleanup; + + /* Valid signature and known principal */ + sigc->result = 'G'; + sigc->trust_level = TRUST_FULLY; sigc->signer = xmemdupz(principal, line - principal - 1); } else if (skip_prefix(line, "Good \"git\" signature with ", &line)) { /* Valid signature, but key unknown */ |