Ivan Markin
Oct 10, 2016, 8:33:25 PM
to te...@openbsd.org
At the moment signify(1) requires sigfiles to begin with 'untrusted
comment: '. Sometimes one wants to have no comment and just the signature
itself.
Index: signify.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.126
diff -u -p -r1.126 signify.c
--- signify.c 6 Oct 2016 22:38:25 -0000 1.126
+++ signify.c 11 Oct 2016 00:19:35 -0000
@@ -125,27 +125,33 @@ static size_t
parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
char *comment)
{
- char *commentend, *b64end;
+ char *linebegin, *lineend;
- commentend = strchr(b64, '\n');
- if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
- memcmp(b64, COMMENTHDR, COMMENTHDRLEN) != 0)
- errx(1, "invalid comment in %s; must start with '%s'",
- filename, COMMENTHDR);
- *commentend = '\0';
- if (comment) {
- if (strlcpy(comment, b64 + COMMENTHDRLEN,
- COMMENTMAXLEN) >= COMMENTMAXLEN)
- errx(1, "comment too long");
+ linebegin = b64;
+ lineend = strchr(linebegin, '\n');
+ if (!lineend) {
+ errx(1, "not enough lines in %s", filename);
}
- if (!(b64end = strchr(commentend + 1, '\n')))
- errx(1, "missing new line after base64 in %s", filename);
- *b64end = '\0';
- if (b64_pton(commentend + 1, buf, buflen) != buflen)
- errx(1, "invalid base64 encoding in %s", filename);
+ if (lineend - linebegin > COMMENTHDRLEN &&
+ memcmp(b64, COMMENTHDR, COMMENTHDRLEN) == 0) {
+ *lineend = '\0';
+ if (comment) {
+ if (strlcpy(comment, b64 + COMMENTHDRLEN,
+ COMMENTMAXLEN) >= COMMENTMAXLEN)
+ errx(1, "comment too long");
+ }
+ linebegin = lineend + 1;
+
+ if (!(lineend = strchr(linebegin, '\n')))
+ errx(1, "missing new line after base64 in %s",
filename);
+ }
+
+ *lineend = '\0';
+ if (b64_pton(linebegin, buf, buflen) != buflen)
+ errx(1, "invalid base64 encoding or corrupted comment in
%s", filename);
if (memcmp(buf, PKALG, 2) != 0)
errx(1, "unsupported file %s", filename);
- return b64end - b64 + 1;
+ return lineend - b64 + 1;
}
static void
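Review bot: When the first line does not carry the `untrusted comment: ` header, the new code skips the whole `if (lineend - linebegin > COMMENTHDRLEN && ...)` block and never writes to `comment`, so a caller that passed a buffer gets it back untouched. The callers are not visible in this hunk, but if any of them reads the comment after the call (to print it or to derive something from it), it would read stale or uninitialised stack contents. I would set it to a defined value before the header test, e.g. `if (comment) comment[0] = '\0';` right after the `!lineend` check. Separately, a header line that is present but malformed (too short, or misspelled) now falls through to `b64_pton` and is reported as a base64 error; the combined message covers that, but it is worth a one-line comment above the test stating that a non-matching first line is deliberately treated as the base64 payload.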