summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--builtin/receive-pack.c6
-rw-r--r--commit.c5
-rw-r--r--fmt-merge-msg.c4
-rw-r--r--gpg-interface.c37
-rw-r--r--gpg-interface.h6
-rw-r--r--log-tree.c8
-rw-r--r--tag.c4
7 files changed, 35 insertions, 35 deletions
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index 49b846d960..61ab63c2ea 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -769,8 +769,10 @@ static void prepare_push_cert_sha1(struct child_process *proc)
memset(&sigcheck, '\0', sizeof(sigcheck));
bogs = parse_signed_buffer(push_cert.buf, push_cert.len);
- check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
- push_cert.len - bogs, &sigcheck);
+ sigcheck.payload = xmemdupz(push_cert.buf, bogs);
+ sigcheck.payload_len = bogs;
+ check_signature(&sigcheck, push_cert.buf + bogs,
+ push_cert.len - bogs);
nonce_status = check_nonce(push_cert.buf, bogs);
}
diff --git a/commit.c b/commit.c
index 551de4903c..64e040a99b 100644
--- a/commit.c
+++ b/commit.c
@@ -1212,8 +1212,9 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out;
- ret = check_signature(payload.buf, payload.len, signature.buf,
- signature.len, sigc);
+
+ sigc->payload = strbuf_detach(&payload, &sigc->payload_len);
+ ret = check_signature(sigc, signature.buf, signature.len);
out:
strbuf_release(&payload);
diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c
index 5216191488..deca1ea3a3 100644
--- a/fmt-merge-msg.c
+++ b/fmt-merge-msg.c
@@ -533,8 +533,8 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
else {
buf = payload.buf;
len = payload.len;
- if (check_signature(payload.buf, payload.len, sig.buf,
- sig.len, &sigc) &&
+ sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+ if (check_signature(&sigc, sig.buf, sig.len) &&
!sigc.output)
strbuf_addstr(&sig, "gpg verification failed.\n");
else
diff --git a/gpg-interface.c b/gpg-interface.c
index 3e7255a2a9..75ab6faacb 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -19,8 +19,8 @@ struct gpg_format {
const char **verify_args;
const char **sigs;
int (*verify_signed_buffer)(struct signature_check *sigc,
- struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
+ struct gpg_format *fmt,
+ const char *signature,
size_t signature_size);
int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key);
@@ -53,12 +53,12 @@ static const char *ssh_sigs[] = {
};
static int verify_gpg_signed_buffer(struct signature_check *sigc,
- struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
+ struct gpg_format *fmt,
+ const char *signature,
size_t signature_size);
static int verify_ssh_signed_buffer(struct signature_check *sigc,
- struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
+ struct gpg_format *fmt,
+ const char *signature,
size_t signature_size);
static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key);
@@ -314,8 +314,8 @@ error:
}
static int verify_gpg_signed_buffer(struct signature_check *sigc,
- struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
+ struct gpg_format *fmt,
+ const char *signature,
size_t signature_size)
{
struct child_process gpg = CHILD_PROCESS_INIT;
@@ -343,14 +343,13 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
NULL);
sigchain_push(SIGPIPE, SIG_IGN);
- ret = pipe_command(&gpg, payload, payload_size, &gpg_stdout, 0,
+ ret = pipe_command(&gpg, sigc->payload, sigc->payload_len, &gpg_stdout, 0,
&gpg_stderr, 0);
sigchain_pop(SIGPIPE);
delete_tempfile(&temp);
ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
- sigc->payload = xmemdupz(payload, payload_size);
sigc->output = strbuf_detach(&gpg_stderr, NULL);
sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);
@@ -426,8 +425,8 @@ cleanup:
}
static int verify_ssh_signed_buffer(struct signature_check *sigc,
- struct gpg_format *fmt, const char *payload,
- size_t payload_size, const char *signature,
+ struct gpg_format *fmt,
+ const char *signature,
size_t signature_size)
{
struct child_process ssh_keygen = CHILD_PROCESS_INIT;
@@ -480,7 +479,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
"-n", "git",
"-s", buffer_file->filename.buf,
NULL);
- pipe_command(&ssh_keygen, payload, payload_size,
+ pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
&ssh_keygen_out, 0, &ssh_keygen_err, 0);
/*
@@ -526,7 +525,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
}
sigchain_push(SIGPIPE, SIG_IGN);
- ret = pipe_command(&ssh_keygen, payload, payload_size,
+ ret = pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
&ssh_keygen_out, 0, &ssh_keygen_err, 0);
sigchain_pop(SIGPIPE);
@@ -540,7 +539,6 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
}
}
- sigc->payload = xmemdupz(payload, payload_size);
strbuf_stripspace(&ssh_keygen_out, 0);
strbuf_stripspace(&ssh_keygen_err, 0);
/* Add stderr outputs to show the user actual ssh-keygen errors */
@@ -562,8 +560,8 @@ out:
return ret;
}
-int check_signature(const char *payload, size_t plen, const char *signature,
- size_t slen, struct signature_check *sigc)
+int check_signature(struct signature_check *sigc,
+ const char *signature, size_t slen)
{
struct gpg_format *fmt;
int status;
@@ -575,8 +573,7 @@ int check_signature(const char *payload, size_t plen, const char *signature,
if (!fmt)
die(_("bad/incompatible signature '%s'"), signature);
- status = fmt->verify_signed_buffer(sigc, fmt, payload, plen, signature,
- slen);
+ status = fmt->verify_signed_buffer(sigc, fmt, signature, slen);
if (status && !sigc->output)
return !!status;
@@ -593,7 +590,7 @@ void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
sigc->output;
if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
- fputs(sigc->payload, stdout);
+ fwrite(sigc->payload, 1, sigc->payload_len, stdout);
if (output)
fputs(output, stderr);
diff --git a/gpg-interface.h b/gpg-interface.h
index beefacbb1e..5ee7d8b6b9 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -17,6 +17,7 @@ enum signature_trust_level {
struct signature_check {
char *payload;
+ size_t payload_len;
char *output;
char *gpg_status;
@@ -70,9 +71,8 @@ const char *get_signing_key(void);
* Either a GPG KeyID or a SSH Key Fingerprint
*/
const char *get_signing_key_id(void);
-int check_signature(const char *payload, size_t plen,
- const char *signature, size_t slen,
- struct signature_check *sigc);
+int check_signature(struct signature_check *sigc,
+ const char *signature, size_t slen);
void print_signature_buffer(const struct signature_check *sigc,
unsigned flags);
diff --git a/log-tree.c b/log-tree.c
index 644893fd8c..a46cf60e1e 100644
--- a/log-tree.c
+++ b/log-tree.c
@@ -513,8 +513,8 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
goto out;
- status = check_signature(payload.buf, payload.len, signature.buf,
- signature.len, &sigc);
+ sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+ status = check_signature(&sigc, signature.buf, signature.len);
if (status && !sigc.output)
show_sig_lines(opt, status, "No signature\n");
else
@@ -583,8 +583,8 @@ static int show_one_mergetag(struct commit *commit,
status = -1;
if (parse_signature(extra->value, extra->len, &payload, &signature)) {
/* could have a good signature */
- status = check_signature(payload.buf, payload.len,
- signature.buf, signature.len, &sigc);
+ sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+ status = check_signature(&sigc, signature.buf, signature.len);
if (sigc.output)
strbuf_addstr(&verify_message, sigc.output);
else
diff --git a/tag.c b/tag.c
index 3e18a41841..62fb09f5a5 100644
--- a/tag.c
+++ b/tag.c
@@ -25,8 +25,8 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
return error("no signature found");
}
- ret = check_signature(payload.buf, payload.len, signature.buf,
- signature.len, &sigc);
+ sigc.payload = strbuf_detach(&payload, &sigc.payload_len);
+ ret = check_signature(&sigc, signature.buf, signature.len);
if (!(flags & GPG_VERIFY_OMIT_STATUS))
print_signature_buffer(&sigc, flags);