diff options
| author | Junio C Hamano <gitster@pobox.com> | 2021-02-23 00:12:42 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-02-23 00:12:42 (GMT) |
| commit | 15af6e6fee54632358798bef548d89dd3764805d (patch) | |
| tree | f4464996780c0c94bd0901bab9e161b9679fe05f /builtin | |
| parent | b9554c03a0a8147109608b94feb32837a6e6a145 (diff) | |
| parent | 9b27b49240f6bf760ff58d917491bec0981aaf9f (diff) | |
| download | git-15af6e6fee54632358798bef548d89dd3764805d.zip git-15af6e6fee54632358798bef548d89dd3764805d.tar.gz git-15af6e6fee54632358798bef548d89dd3764805d.tar.bz2 | |
Merge branch 'bc/signed-objects-with-both-hashes'
Signed commits and tags now allow verification of objects, whose
two object names (one in SHA-1, the other in SHA-256) are both
signed.
* bc/signed-objects-with-both-hashes:
gpg-interface: remove other signature headers before verifying
ref-filter: hoist signature parsing
commit: allow parsing arbitrary buffers with headers
gpg-interface: improve interface for parsing tags
commit: ignore additional signatures when parsing signed commits
ref-filter: switch some uses of unsigned long to size_t
Diffstat (limited to 'builtin')
| -rw-r--r-- | builtin/receive-pack.c | 4 | ||||
| -rw-r--r-- | builtin/tag.c | 16 |
2 files changed, 14 insertions, 6 deletions
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index d49d050..b89ce31 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -764,7 +764,7 @@ static void prepare_push_cert_sha1(struct child_process *proc) memset(&sigcheck, '\0', sizeof(sigcheck)); - bogs = parse_signature(push_cert.buf, push_cert.len); + bogs = parse_signed_buffer(push_cert.buf, push_cert.len); check_signature(push_cert.buf, bogs, push_cert.buf + bogs, push_cert.len - bogs, &sigcheck); @@ -2050,7 +2050,7 @@ static void queue_commands_from_cert(struct command **tail, die("malformed push certificate %.*s", 100, push_cert->buf); else boc += 2; - eoc = push_cert->buf + parse_signature(push_cert->buf, push_cert->len); + eoc = push_cert->buf + parse_signed_buffer(push_cert->buf, push_cert->len); while (boc < eoc) { const char *eol = memchr(boc, '\n', eoc - boc); diff --git a/builtin/tag.c b/builtin/tag.c index e8b85ee..4237dc7 100644 --- a/builtin/tag.c +++ b/builtin/tag.c @@ -198,11 +198,17 @@ static void write_tag_body(int fd, const struct object_id *oid) { unsigned long size; enum object_type type; - char *buf, *sp; + char *buf, *sp, *orig; + struct strbuf payload = STRBUF_INIT; + struct strbuf signature = STRBUF_INIT; - buf = read_object_file(oid, &type, &size); + orig = buf = read_object_file(oid, &type, &size); if (!buf) return; + if (parse_signature(buf, size, &payload, &signature)) { + buf = payload.buf; + size = payload.len; + } /* skip header */ sp = strstr(buf, "\n\n"); @@ -211,9 +217,11 @@ static void write_tag_body(int fd, const struct object_id *oid) return; } sp += 2; /* skip the 2 LFs */ - write_or_die(fd, sp, parse_signature(sp, buf + size - sp)); + write_or_die(fd, sp, buf + size - sp); - free(buf); + free(orig); + strbuf_release(&payload); + strbuf_release(&signature); } static int build_tag_object(struct strbuf *buf, int sign, struct object_id *result) |