summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrian m. carlson <sandals@crustytoothpaste.net>2021-02-11 02:08:06 (GMT)
committerJunio C Hamano <gitster@pobox.com>2021-02-11 07:35:42 (GMT)
commit9b27b49240f6bf760ff58d917491bec0981aaf9f (patch)
tree189bc11259d633e7cd134c02bf0fdb80b7b20e78
parent88bce0e24c8f777fce1f726b4553bd32286bba04 (diff)
downloadgit-9b27b49240f6bf760ff58d917491bec0981aaf9f.zip
git-9b27b49240f6bf760ff58d917491bec0981aaf9f.tar.gz
git-9b27b49240f6bf760ff58d917491bec0981aaf9f.tar.bz2
gpg-interface: remove other signature headers before verifying
When we have a multiply signed commit, we need to remove the signature in the header before verifying the object, since the trailing signature will not be over both pieces of data. Do so, and verify that we validate the signature appropriately. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--gpg-interface.c2
-rwxr-xr-xt/t7004-tag.sh25
2 files changed, 27 insertions, 0 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index c6274c1..127aecf 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -1,4 +1,5 @@
#include "cache.h"
+#include "commit.h"
#include "config.h"
#include "run-command.h"
#include "strbuf.h"
@@ -366,6 +367,7 @@ int parse_signature(const char *buf, size_t size, struct strbuf *payload, struct
size_t match = parse_signed_buffer(buf, size);
if (match != size) {
strbuf_add(payload, buf, match);
+ remove_signature(payload);
strbuf_add(signature, buf + match, size - match);
return 1;
}
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index 05f411c..6fb4e3c 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -17,6 +17,13 @@ tag_exists () {
git show-ref --quiet --verify refs/tags/"$1"
}
+test_expect_success 'setup' '
+ test_oid_cache <<-EOM
+ othersigheader sha1:gpgsig-sha256
+ othersigheader sha256:gpgsig
+ EOM
+'
+
test_expect_success 'listing all tags in an empty tree should succeed' '
git tag -l &&
git tag
@@ -1371,6 +1378,24 @@ test_expect_success GPG \
'test_config gpg.program echo &&
test_must_fail git tag -s -m tail tag-gpg-failure'
+# try to produce invalid signature
+test_expect_success GPG 'git verifies tag is valid with double signature' '
+ git tag -s -m tail tag-gpg-double-sig &&
+ git cat-file tag tag-gpg-double-sig >tag &&
+ othersigheader=$(test_oid othersigheader) &&
+ sed -ne "/^\$/q;p" tag >new-tag &&
+ cat <<-EOM >>new-tag &&
+ $othersigheader -----BEGIN PGP SIGNATURE-----
+ someinvaliddata
+ -----END PGP SIGNATURE-----
+ EOM
+ sed -e "1,/^tagger/d" tag >>new-tag &&
+ new_tag=$(git hash-object -t tag -w new-tag) &&
+ git update-ref refs/tags/tag-gpg-double-sig $new_tag &&
+ git verify-tag tag-gpg-double-sig &&
+ git fsck
+'
+
# try to sign with bad user.signingkey
test_expect_success GPGSM \
'git tag -s fails if gpgsm is misconfigured (bad key)' \