From 42149d7f4b1424b29c0bae4f564d5f50a856bcea Mon Sep 17 00:00:00 2001 From: Henning Schild Date: Tue, 17 Jul 2018 14:50:10 +0200 Subject: [PATCH] gpg-interface: do not hardcode the key string len anymore gnupg does print the keyid followed by a space and the signer comes next. The same pattern is also used in gpgsm, but there the key length would be 40 instead of 16. Instead of hardcoding the expected length, find the first space and calculate it. Input that does not match the expected format will be ignored now, before we jumped to found+17 which might have been behind the end of an unexpected string. Signed-off-by: Henning Schild Signed-off-by: Junio C Hamano --- gpg-interface.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/gpg-interface.c b/gpg-interface.c index a02db76580..51cad9081d 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -95,10 +95,11 @@ static void parse_gpg_output(struct signature_check *sigc) sigc->result = sigcheck_gpg_status[i].result; /* The trust messages are not followed by key/signer information */ if (sigc->result != 'U') { - sigc->key = xmemdupz(found, 16); + next = strchrnul(found, ' '); + sigc->key = xmemdupz(found, next - found); /* The ERRSIG message is not followed by signer information */ - if (sigc-> result != 'E') { - found += 17; + if (*next && sigc-> result != 'E') { + found = next + 1; next = strchrnul(found, '\n'); sigc->signer = xmemdupz(found, next - found); } -- 2.47.1