Merge branch 'hi/gpg-use-check-signature'

Hide the lower-level verify_signed_buffer() API as a pure helper to
implement the public check_signature() function, in order to
encourage new callers to use the correct and more strict
validation.

* hi/gpg-use-check-signature:
  gpg-interface: prefer check_signature() for GPG verification
Junio C Hamano
2019-12-10 13:11:45 -08:00
4 changed files with 72 additions and 75 deletions


@ -494,6 +494,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
enum object_type type;
unsigned long size, len;
char *buf = read_object_file(oid, &type, &size);
struct signature_check sigc = { 0 };
struct strbuf sig = STRBUF_INIT;
if (!buf || type != OBJ_TAG)
@ -502,10 +503,12 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
if (size == len)
; /* merely annotated */
else if (verify_signed_buffer(buf, len, buf + len, size - len, &sig, NULL)) {
if (!sig.len)
strbuf_addstr(&sig, "gpg verification failed.\n");
}
else if (!check_signature(buf, len, buf + len, size - len,
&sigc)) {
strbuf_addstr(&sig, sigc.gpg_output);
signature_check_clear(&sigc);
} else
strbuf_addstr(&sig, "gpg verification failed.\n");
if (!tag_number++) {
fmt_tag_signature(&tagbuf, &sig, buf, len);
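Review bot: In the second hunk `signature_check_clear(&sigc);` runs only on the success branch, so when check_signature() returns non-zero whatever it stored in `sigc` is neither released nor shown. check_signature()'s body is not visible here, but if it fills `sigc.gpg_output` before deciding the result, each tag that fails verification would leak those buffers. The removed lines kept gpg's own text in `sig` on failure and fell back to "gpg verification failed." only when `sig` was empty, whereas the new `else` always substitutes the generic line, so the reason for a failed verification no longer reaches the merge message. I would brace the `else`, add `signature_check_clear(&sigc);` there as well, and state in a comment whether discarding the gpg text on failure is intended. fmt_merge_msg_sigs() starts and ends outside the hunks shown.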