From: John Keeping <john@keeping.me.uk>
To: "Sebastian Götte" <jaseg@physik.tu-berlin.de>
Cc: Thomas Rast <trast@inf.ethz.ch>, git@vger.kernel.org
Subject: Re: [PATCH v5 4/5] merge/pull Check for untrusted good GPG signatures
Date: Sun, 31 Mar 2013 14:33:33 +0100 [thread overview]
Message-ID: <20130331133332.GD2286@serenity.lan> (raw)
In-Reply-To: <51582BA8.90500@physik.tu-berlin.de>
On Sun, Mar 31, 2013 at 02:27:20PM +0200, Sebastian Götte wrote:
> On 03/31/2013 02:16 PM, Thomas Rast wrote:
> > "Sebastian Götte" <jaseg@physik.tu-berlin.de> wrote:
> >
> >> expecting success:
> >> test_must_fail git merge --ff-only --verify-signatures side-untrusted
> >> 2>mergeerror &&
> >> test_i18ngrep "has a good, untrusted GPG signature" mergeerror
> >>
> >> ==1430== Conditional jump or move depends on uninitialised value(s)
> >> ==1430== at 0x4C26B5C: strchrnul (mc_replace_strmem.c:711)
> >> ==1430== by 0x47B90B: check_commit_signature (commit.c:1057)
> >> ==1430== by 0x444212: cmd_merge (merge.c:1245)
> >> ==1430== by 0x4050E6: handle_internal_command (git.c:281)
> >> ==1430== by 0x40530C: main (git.c:489)
> >>
> >> Though I also can't see the problem. strchrnul gets passed a char* that
> >> is just fine.
> >
> > Usually that means that the string *contents* are uninitialized,
> > usually because you scanned past the end of the string...
>
> I checked for that, everything looks fine to me. The pointer should point to a valid, 0-terminated string.
It looks like the "found" pointer has wandered off the end of the
string. In the test case here, the gpg_status is:
-- >8 --
[GNUPG:] SIG_ID rzX3GbdzQyxB4Jdm1uD0CzL4B4Y 2013-03-31 1364735152
[GNUPG:] GOODSIG 61092E85B7227189 Eris Discordia <discord@example.net>
[GNUPG:] VALIDSIG D4BE22311AD3131E5EDA29A461092E85B7227189 2013-03-31
1364735152 0 4 0 1 2 00 D4BE22311AD3131E5EDA29A461092E85B7227189
[GNUPG:] TRUST_UNDEFINED
-- 8< --
But the parse_signature_lines code assumes that after reading a
signature it can fill in the key from the next 16 bytes and then look
for a newline after that. In this case it clearly needs to only read
the signature if it's a GOODSIG or BADSIG line.
Wrapping a "signature_check[i].result != 'U'" condition around the lines
that extract the key and advance the "found" pointer after doing so
fixes this for me.
John
next prev parent reply other threads:[~2013-03-31 13:34 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-23 1:57 [PATCH v2 1/4] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-25 15:54 ` Junio C Hamano
2013-03-25 23:46 ` [PATCH 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
2013-03-26 1:46 ` Junio C Hamano
2013-03-26 11:05 ` [PATCH v4 " Sebastian Götte
2013-03-26 16:26 ` Junio C Hamano
2013-03-26 16:43 ` Sebastian Götte
[not found] ` <cover.1364295502.git.jaseg@physik-pool.tu-berlin.de>
2013-03-26 11:05 ` [PATCH v4 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-26 11:05 ` [PATCH v4 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-28 22:33 ` Junio C Hamano
2013-03-26 11:05 ` [PATCH v4 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-28 22:33 ` Junio C Hamano
2013-03-30 0:13 ` [PATCH v5 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364601337.git.jaseg@physik-pool.tu-berlin.de>
2013-03-30 0:14 ` [PATCH v5 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-30 3:37 ` Junio C Hamano
2013-03-30 0:14 ` [PATCH v5 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-30 3:37 ` Junio C Hamano
2013-03-30 0:14 ` [PATCH v5 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-30 3:38 ` Junio C Hamano
2013-03-30 14:14 ` [PATCH v6 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364652339.git.jaseg@physik-pool.tu-berlin.de>
2013-03-30 14:15 ` [PATCH v6 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-30 14:15 ` [PATCH v6 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-30 14:15 ` [PATCH v6 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-30 14:16 ` [PATCH v6 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-30 14:16 ` [PATCH v6 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
2013-03-30 0:14 ` [PATCH v5 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-31 8:32 ` Thomas Rast
2013-03-31 10:55 ` Sebastian Götte
2013-03-31 11:38 ` Thomas Rast
2013-03-31 11:57 ` Sebastian Götte
2013-03-31 12:16 ` Thomas Rast
2013-03-31 12:27 ` Sebastian Götte
2013-03-31 13:33 ` John Keeping [this message]
2013-03-31 14:32 ` [PATCH v7 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364738348.git.jaseg@physik-pool.tu-berlin.de>
2013-03-31 14:32 ` [PATCH v7 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-31 14:32 ` [PATCH v7 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-31 14:41 ` John Keeping
2013-03-31 14:33 ` [PATCH v7 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-31 14:33 ` [PATCH v7 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-31 14:44 ` John Keeping
2013-03-31 15:03 ` Thomas Rast
2013-03-31 15:21 ` Sebastian Götte
2013-03-31 15:27 ` Thomas Rast
2013-03-31 15:26 ` John Keeping
2013-03-31 15:58 ` [PATCH v8 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364742659.git.jaseg@physik-pool.tu-berlin.de>
2013-03-31 16:00 ` [PATCH v8 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-31 16:01 ` [PATCH v8 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-31 16:02 ` [PATCH v8 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-04-01 2:47 ` Junio C Hamano
2013-04-01 12:53 ` Sebastian Götte
2013-04-01 14:55 ` Junio C Hamano
2013-03-31 16:02 ` [PATCH v8 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-31 16:03 ` [PATCH v8 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
2013-03-31 14:34 ` [PATCH v7 " Sebastian Götte
2013-03-30 0:15 ` [PATCH v5 " Sebastian Götte
2013-03-26 11:05 ` [PATCH v4 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-26 11:05 ` [PATCH v4 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
[not found] ` <cover.1364254748.git.jaseg@physik-pool.tu-berlin.de>
2013-03-25 23:46 ` [PATCH 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-25 23:46 ` [PATCH 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-25 23:46 ` [PATCH 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-25 23:46 ` [PATCH 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-25 23:46 ` [PATCH 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130331133332.GD2286@serenity.lan \
--to=john@keeping.me.uk \
--cc=git@vger.kernel.org \
--cc=jaseg@physik.tu-berlin.de \
--cc=trast@inf.ethz.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).