git@vger.kernel.org mailing list mirror (one of many)
From: Henning Schild <henning.schild@siemens.com>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org, "Eric Sunshine" <sunshine@sunshineco.com>,
	"Junio C Hamano" <gitster@pobox.com>,
	"Martin Ågren" <martin.agren@gmail.com>,
	"Ben Toews" <mastahyeti@gmail.com>,
	"Taylor Blau" <me@ttaylorr.com>,
	"brian m . carlson" <sandals@crustytoothpaste.net>
Subject: Re: [PATCH v2 6/9] gpg-interface: do not hardcode the key string len anymore
Date: Wed, 11 Jul 2018 18:15:05 +0200
Message-ID: <20180711181505.31ea530b@md1pvb1c.ad001.siemens.net>
In-Reply-To: <20180711142751.GF23835@sigill.intra.peff.net>

On Wed, 11 Jul 2018 10:27:52 -0400,
Jeff King <peff@peff.net> wrote:

> On Wed, Jul 11, 2018 at 03:46:19PM +0200, Henning Schild wrote:
> 
> > > I think it's worth addressing in the near term, if only because
> > > this kind of off-by-one is quite subtle, and I don't want to
> > > forget to deal with it. Whether that happens as part of this
> > > patch, or as a cleanup before or after, I'm not picky. :)  
> > 
> > I get that and if anyone is willing to write that code, I will base
> > my patches on it. What I want to avoid is taking responsibility for
> > problems I did not introduce, just because I happen to work on that
> > code at the moment. Keeping track of that (not forgetting) is also
> > not for the random contributor like myself.
> 
> It doesn't make sense to do a patch before your series, since it would
> just be:
> 
>   if (strlen(found) > 16)
>     ...

Instead of randomly crashing on unexpected input, we would now silently
ignore it.

> which would get obliterated by your patch. The patch after is shown
> below. But frankly, it seems a lot easier to just handle this while
> you are rewriting the code.
> 
> -- >8 --  
> Subject: [PATCH] gpg-interface: handle off-by-one parsing gpg output
> 
> When parsing gpg's VALIDSIG lines, we look for a space
> followed by the signer information. Because we use
> strchrnul(), though, if the space is missing we'll end up
> pointing to the trailing NUL. When we try to move past that
> space, we have to handle the NUL case separately to avoid
> accidentally stepping out of the string entirely.

True.

> Signed-off-by: Jeff King <peff@peff.net>
> ---
>  gpg-interface.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/gpg-interface.c b/gpg-interface.c
> index bf8d567a4c..139b0f561e 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -97,7 +97,7 @@ static void parse_gpg_output(struct signature_check
> *sigc) sigc->key = xmemdupz(found, next - found);
>  			/* The ERRSIG message is not followed by
> signer information */ if (sigc-> result != 'E') {
> -				found = next + 1;
> +				found = *next ? next + 1 : next;

This would keep us in bounds of the unexpected string. But ignore the
line instead of "complaining" or crashing.

But you are right, it is easy enough and ignoring the line is probably
the best way of dealing with it.

I will change the condition to
> if (*next && sigc-> result != 'E')

also skipping the following strchrnul and xmemdupz

Henning

>  				next = strchrnul(found, '\n');
>  				sigc->signer = xmemdupz(found, next
> - found); }
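
Review bot: on the `+` line, when `*next` is NUL `found` stays on the terminator, so the `strchrnul(found, '\n')` that follows returns that same pointer and `xmemdupz(found, next - found)` stores an empty string in `sigc->signer`. That keeps the read in bounds, but a line with no space after the key then looks the same as a line that carries an empty signer. Testing `*next` in the enclosing `if (sigc->result != 'E')` condition, as proposed in the reply, would skip both calls and leave `sigc->signer` unset. A short comment on the NUL case and a test that feeds a status line with no space after the key would document whichever behaviour is chosen.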
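
The missing-space case from the commit message above, as an added example that is not part of this thread or of git's code: `find_or_end`, `dup_range`, `parse_signer` and `signer_is` are hypothetical names (the first two stand in for `strchrnul()` and `xmemdupz()`), and the input strings are constructed. It returns NULL for the signer when the line ends right after the key, which is the behaviour of the `*next &&` condition proposed in the reply.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for strchrnul(): first c in s, else the terminating NUL. */
static const char *find_or_end(const char *s, int c)
{
	const char *p = strchr(s, c);
	return p ? p : s + strlen(s);
}

/* Stand-in for git's xmemdupz(): NUL-terminated copy of len bytes. */
static char *dup_range(const char *p, size_t len)
{
	char *out = malloc(len + 1);
	if (!out) abort();
	memcpy(out, p, len);
	out[len] = '\0';
	return out;
}

/* found is "<key> <signer>\n" from one status line. Returns the signer, or
 * NULL when the line ends right after the key. Caller frees *key, result. */
static char *parse_signer(const char *found, char **key)
{
	const char *next = find_or_end(found, ' ');
	*key = dup_range(found, (size_t)(next - found));
	if (!*next)
		return NULL;	/* next is the NUL; next + 1 would leave the string */
	found = next + 1;
	next = find_or_end(found, '\n');
	return dup_range(found, (size_t)(next - found));
}

/* 1 if the parsed signer equals expect; expect == NULL means "no signer". */
static int signer_is(const char *line, const char *expect)
{
	char *key, *signer = parse_signer(line, &key);
	int ok = expect ? (signer && !strcmp(signer, expect)) : !signer;
	free(key);
	free(signer);
	return ok;
}

int main(void)
{
	/* Constructed inputs: a complete line, then one cut off after the key. */
	return !(signer_is("0123456789ABCDEF A U Thor <a@example.com>\n",
			   "A U Thor <a@example.com>") && signer_is("0123456789ABCDEF", NULL));
}
```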

