author: Hans Jerry Illikainen <hji@dyntopia.com> 2019-11-22 20:23:12 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2019-11-23 00:18:40 (GMT)
commit: 67a6ea63008bcee32a239934ad29eb5c5a554509
tree: ced58695d6c423f4ae0db505d095dbd3463fe592 /gpg-interface.c
parent: 392b862e9aea69acf43532527e27644c97e3ea56
gpg-interface: limit search for primary key fingerprint

The VALIDSIG status line from GnuPG with --status-fd is documented to
have 9 required and 1 optional fields [1].  The final, and optional,
field is used to specify the fingerprint of the primary key that made
the signature in case it was made by a subkey.  However, this field is
only available for OpenPGP signatures; not for CMS/X.509.

If the VALIDSIG status line does not have the optional 10th field, the
current code will continue reading onto the next status line.  And this
is the case for non-OpenPGP signatures [1].

The consequence is that a subsequent status line may be considered as
the "primary key" for signatures that do not have an actual primary
key.

Limit the search of these 9 or 10 fields to the single line to avoid
this problem.  If the 10th field is missing, report that there is no
primary key fingerprint.

[Reference]

[1] GnuPG Details, General status codes
    https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=6ce340e8c04794add995e84308bb3091450bd28f;hb=HEAD#l483

    The documentation says:

        VALIDSIG <args>

        The args are:

        - <fingerprint_in_hex>
        - <sig_creation_date>
        - <sig-timestamp>
        - <expire-timestamp>
        - <sig-version>
        - <reserved>
        - <pubkey-algo>
        - <hash-algo>
        - <sig-class>
        - [ <primary-key-fpr> ]

        This status indicates that the signature is cryptographically
        valid. [...] PRIMARY-KEY-FPR is the fingerprint of the primary
        key or identical to the first argument.

        The primary-key-fpr parameter is used for OpenPGP and not
        available for CMS signatures.  [...]

Signed-off-by: Hans Jerry Illikainen <hji@dyntopia.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Diffstat (limited to 'gpg-interface.c')
-rw-r--r-- gpg-interface.c 24
1 files changed, 18 insertions, 6 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 37162c9..131e7d5 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -156,21 +156,33 @@ static void parse_gpg_output(struct signature_check *sigc)
}
/* Do we have fingerprint? */
if (sigcheck_gpg_status[i].flags & GPG_STATUS_FINGERPRINT) {
+ const char *limit;
+ char **field;
+
next = strchrnul(line, ' ');
replace_cstring(&sigc->fingerprint, line, next);
- /* Skip interim fields */
+ /*
+ * Skip interim fields. The search is
+ * limited to the same line since only
+ * OpenPGP signatures has a field with
+ * the primary fingerprint.
+ */
+ limit = strchrnul(line, '\n');
for (j = 9; j > 0; j--) {
- if (!*next)
+ if (!*next || limit <= next)
break;
line = next + 1;
next = strchrnul(line, ' ');
}
- next = strchrnul(line, '\n');
- free(sigc->primary_key_fingerprint);
- replace_cstring(&sigc->primary_key_fingerprint,
- line, next);
+ field = &sigc->primary_key_fingerprint;
+ if (!j) {
+ next = strchrnul(line, '\n');
+ replace_cstring(field, line, next);
+ } else {
+ replace_cstring(field, NULL, NULL);
+ }
}
break;
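Review bot: in the new `if (!j)` / `else` tail, whether the optional tenth field was present is inferred only from the loop counter reaching zero, which is easy to misread and easy to break if the loop is later changed. A one-line comment there saying that a non-zero `j` means the `limit <= next` check stopped the walk before the primary-key field, or a named flag set in the loop, would make the intent explicit. The `else` branch also depends on `replace_cstring(field, NULL, NULL)` releasing the old value and leaving the field NULL; that behaviour is not visible in this hunk, and since the explicit `free(sigc->primary_key_fingerprint)` is removed here it is worth confirming that the helper covers both. Minor: the new comment should read "signatures have" rather than "signatures has".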