Andrew's git / gitweb.git / diff
?
Merge branch 'sr/gpg-interface-stop-at-the-end' into maint
authorJunio C Hamano <gitster@pobox.com>
Mon, 29 Jul 2019 19:38:17 +0000 (12:38 -0700)
committerJunio C Hamano <gitster@pobox.com>
Mon, 29 Jul 2019 19:38:17 +0000 (12:38 -0700)
A codepath that reads from GPG for signed object verification read
past the end of allocated buffer, which has been fixed.

* sr/gpg-interface-stop-at-the-end:
gpg-interface: do not scan past the end of buffer

gpg-interface.c patch | blob | history
diff --git a/gpg-interface.c b/gpg-interface.c
index 8ed274533f87198a74a3660809c25932fa43124a..d60115ca404edfedc492c55e5bc0f22fe0eaa5a2 100644 (file)
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -116,6 +116,9 @@ static void parse_gpg_output(struct signature_check *sigc)
        for (line = buf; *line; line = strchrnul(line+1, '\n')) {
                while (*line == '\n')
                        line++;
+               if (!*line)
+                       break;
+
                /* Skip lines that don't start with GNUPG status */
                if (!skip_prefix(line, "[GNUPG:] ", &line))
                        continue;