From: Eric Sunshine <sunshine@sunshineco.com>
To: Ben Toews <mastahyeti@gmail.com>
Cc: Git List <git@vger.kernel.org>, Taylor Blau <me@ttaylorr.com>,
Jeff King <peff@peff.net>
Subject: Re: [PATCH 6/8] gpg-interface: find the last gpg signature line
Date: Mon, 9 Apr 2018 17:13:46 -0400
Message-ID: <CAPig+cQQuvr5hOXgLM7rwHDK-q4eJrNLR==F+mQfHrBRjj0vWg@mail.gmail.com>
In-Reply-To: <20180409204129.43537-7-mastahyeti@gmail.com>

On Mon, Apr 9, 2018 at 4:41 PM, Ben Toews <mastahyeti@gmail.com> wrote:
> From: Jeff King <peff@peff.net>
>
> A signed tag has a detached signature like this:
>
> object ...
> [...more header...]
>
> This is the tag body.
>
> -----BEGIN PGP SIGNATURE-----
> [opaque gpg data]
> -----END PGP SIGNATURE-----
>
> Our parser finds the _first_ line that appears to start a
> PGP signature block, meaning we may be confused by a
> signature (or a signature-like line) in the actual body.
> Let's keep parsing and always find the final block, which
> should be the detached signature over all of the preceding
> content.
> ---
> diff --git a/gpg-interface.c b/gpg-interface.c
> @@ -110,11 +110,17 @@ static int is_gpg_start(const char *line)
> size_t parse_signature(const char *buf, size_t size)
> {
> size_t len = 0;
> - while (len < size && !is_gpg_start(buf + len)) {
> - const char *eol = memchr(buf + len, '\n', size - len);
> + size_t match = size;

If no GPG-start line is found then 'size' will be returned, which
matches the logic before this change. Okay.

> + while (len < size) {
> + const char *eol;
> +
> + if (is_gpg_start(buf + len))
> + match = len;

Otherwise, the position of the final GPG-start line will be remembered
and returned. Makes sense.

> + eol = memchr(buf + len, '\n', size - len);
> len += eol ? eol - (buf + len) + 1 : size - len;
> }
> - return len;
> + return match;
> }
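
Review bot: In the loop, is_gpg_start(buf + len) receives only a pointer and no remaining length, so the prefix match depends on buf being NUL-terminated; if a caller can pass a buffer that is not, the check on a short final line could read past 'size'. Either pass "size - len" into the helper or state above parse_signature() that buf must be NUL-terminated. The same comment could record the return contract (offset of the last start line, or 'size' when none is found), which "size_t match = size;" only implies.
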
> diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
> @@ -1059,6 +1059,17 @@ test_expect_success GPG \
> +test_expect_success GPG 'signed tag with embedded PGP message' '
> + cat >msg <<-\EOF &&
> + -----BEGIN PGP MESSAGE-----
> +
> + this is not a real PGP message
> + -----END PGP MESSAGE-----
> + EOF

This bogus PGP message is just in the body...

> + git tag -s -F msg confusing-pgp-message &&

and "git tag -s" adds the real PGP message at the end...

> + git tag -v confusing-pgp-message

and the new logic finds the real PGP message rather than the bogus
one, so "git tag -v" exits successfully. Looks good.

> +'
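
Review bot: The message written to msg embeds only a "-----BEGIN PGP MESSAGE-----" block, while the commit message is about a signature or signature-like line in the body; add a case whose body contains "-----BEGIN PGP SIGNATURE-----" so the same start line the real signature uses is covered too. The test also checks only the exit status of "git tag -v confusing-pgp-message"; comparing the tag body (for example from "git cat-file tag") against msg would confirm the embedded block stays in the signed payload and is not split off as signature data.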