From: Ben Toews <mastahyeti@gmail.com>
To: git@vger.kernel.org
Cc: me@ttaylorr.com, peff@peff.net, sbeller@google.com,
gitster@pobox.com, szeder.dev@gmail.com, sunshine@sunshineco.com,
Ben Toews <mastahyeti@gmail.com>
Subject: [PATCH v2 7/9] gpg-interface: find the last gpg signature line
Date: Fri, 13 Apr 2018 15:18:35 -0600 [thread overview]
Message-ID: <20180413211837.99415-8-mastahyeti@gmail.com> (raw)
In-Reply-To: <20180413211837.99415-1-mastahyeti@gmail.com>
In-Reply-To: <20180409204129.43537-1-mastahyeti@gmail.com>
From: Jeff King <peff@peff.net>
A signed tag has a detached signature like this:
object ...
[...more header...]
This is the tag body.
-----BEGIN PGP SIGNATURE-----
[opaque gpg data]
-----END PGP SIGNATURE-----
Our parser finds the _first_ line that appears to start a
PGP signature block, meaning we may be confused by a
signature (or a signature-like line) in the actual body.
Let's keep parsing and always find the final block, which
should be the detached signature over all of the preceding
content.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
---
gpg-interface.c | 12 +++++++++---
t/t7004-tag.sh | 11 +++++++++++
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index 79333c1ee8..0647bd6348 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -110,11 +110,17 @@ static int is_gpg_start(const char *line)
size_t parse_signature(const char *buf, size_t size)
{
size_t len = 0;
- while (len < size && !is_gpg_start(buf + len)) {
- const char *eol = memchr(buf + len, '\n', size - len);
+ size_t match = size;
+ while (len < size) {
+ const char *eol;
+
+ if (is_gpg_start(buf + len))
+ match = len;
+
+ eol = memchr(buf + len, '\n', size - len);
len += eol ? eol - (buf + len) + 1 : size - len;
}
- return len;
+ return match;
}
void set_signing_key(const char *key)
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index ee093b393d..e3f1e014aa 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1059,6 +1059,17 @@ test_expect_success GPG \
git tag -v blanknonlfile-signed-tag
'
+test_expect_success GPG 'signed tag with embedded PGP message' '
+ cat >msg <<-\EOF &&
+ -----BEGIN PGP MESSAGE-----
+
+ this is not a real PGP message
+ -----END PGP MESSAGE-----
+ EOF
+ git tag -s -F msg confusing-pgp-message &&
+ git tag -v confusing-pgp-message
+'
+
# messages with commented lines for signed tags:
cat >sigcommentsfile <<EOF
--
2.15.1 (Apple Git-101)
next prev parent reply other threads:[~2018-04-13 21:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-09 20:41 [PATCH 0/8] gpg-interface: Multiple signing tools Ben Toews
2018-04-09 20:41 ` [PATCH 1/8] gpg-interface: handle bool user.signingkey Ben Toews
2018-04-09 20:55 ` Eric Sunshine
2018-04-10 14:32 ` Jeff King
2018-04-09 20:41 ` [PATCH 2/8] gpg-interface: modernize function declarations Ben Toews
2018-04-09 20:41 ` [PATCH 3/8] gpg-interface: use size_t for signature buffer size Ben Toews
2018-04-09 20:41 ` [PATCH 4/8] gpg-interface: fix const-correctness of "eol" pointer Ben Toews
2018-04-09 20:41 ` [PATCH 5/8] gpg-interface: extract gpg line matching helper Ben Toews
2018-04-09 20:41 ` [PATCH 6/8] gpg-interface: find the last gpg signature line Ben Toews
2018-04-09 21:13 ` Eric Sunshine
2018-04-10 9:44 ` Junio C Hamano
2018-04-10 14:47 ` Ben Toews
2018-04-10 21:04 ` Junio C Hamano
2018-04-10 22:17 ` Junio C Hamano
2018-04-11 15:19 ` Ben Toews
2018-04-09 20:41 ` [PATCH 7/8] gpg-interface: prepare for parsing arbitrary PEM blocks Ben Toews
2018-04-09 20:41 ` [PATCH 8/8] gpg-interface: handle alternative signature types Ben Toews
2018-04-09 21:01 ` Stefan Beller
2018-04-10 8:24 ` Eric Sunshine
2018-04-10 15:00 ` Ben Toews
2018-04-14 19:59 ` brian m. carlson
2018-04-16 5:05 ` Junio C Hamano
2018-04-17 0:12 ` brian m. carlson
2018-04-17 1:54 ` Junio C Hamano
2018-04-17 18:08 ` Ben Toews
2018-04-17 18:33 ` Taylor Blau
2018-05-03 16:03 ` Ben Toews
2018-05-07 9:45 ` Jeff King
2018-05-07 15:18 ` Junio C Hamano
2018-05-07 23:06 ` brian m. carlson
2018-05-08 13:28 ` Jeff King
2018-05-08 23:09 ` brian m. carlson
2018-05-09 8:03 ` Jeff King
2018-04-10 9:35 ` Junio C Hamano
2018-04-10 16:01 ` Ben Toews
2018-04-11 10:11 ` SZEDER Gábor
2018-04-13 21:18 ` [PATCH v2 0/9] gpg-interface: Multiple signing tools Ben Toews
2018-04-13 21:18 ` [PATCH v2 1/9] t7004: fix mistaken tag name Ben Toews
2018-04-13 21:18 ` [PATCH v2 2/9] gpg-interface: handle bool user.signingkey Ben Toews
2018-04-13 21:18 ` [PATCH v2 3/9] gpg-interface: modernize function declarations Ben Toews
2018-04-13 21:18 ` [PATCH v2 4/9] gpg-interface: use size_t for signature buffer size Ben Toews
2018-04-13 21:18 ` [PATCH v2 5/9] gpg-interface: fix const-correctness of "eol" pointer Ben Toews
2018-04-13 21:18 ` [PATCH v2 6/9] gpg-interface: extract gpg line matching helper Ben Toews
2018-04-13 21:18 ` Ben Toews [this message]
2018-04-13 21:18 ` [PATCH v2 8/9] gpg-interface: prepare for parsing arbitrary PEM blocks Ben Toews
2018-04-13 21:18 ` [PATCH v2 9/9] gpg-interface: handle alternative signature types Ben Toews
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180413211837.99415-8-mastahyeti@gmail.com \
--to=mastahyeti@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=me@ttaylorr.com \
--cc=peff@peff.net \
--cc=sbeller@google.com \
--cc=sunshine@sunshineco.com \
--cc=szeder.dev@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).