[PATCHv2] gpg-interface: check gpg signature for correct header

Tue, 14 Jun 2016 05:05:43 -0700 

When we create a signature, it may happen that gpg returns with
"success" but not with an actual detached signature on stdout.

Check for the correct header to catch these cases better. We use the
same parse_signature function for that that we use otherwise, so that
gpg specifics are localised there.

Signed-off-by: Michael J Gruber <g...@drmicha.warpmail.net>
---
So, this is the real thing.

Between you and me: parse_signature in fact is more lenient, but hey - it's
exactly as lenient as we are otherwise, bar running gpg --verify.

 gpg-interface.c |  2 +-
 t/t7004-tag.sh  | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/gpg-interface.c b/gpg-interface.c
index c4b1e8c..784953c 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -185,7 +185,7 @@ int sign_buffer(struct strbuf *buffer, struct strbuf 
*signature, const char *sig
 
        sigchain_pop(SIGPIPE);
 
-       if (finish_command(&gpg) || !len || len < 0)
+       if (finish_command(&gpg) || !len || len < 0 || 
parse_signature(signature->buf, signature->len) == signature->len)
                return error(_("gpg failed to sign the data"));
 
        /* Strip CR from the line endings, in case we are on Windows. */
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index f9b7d79..467e968 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1202,10 +1202,18 @@ test_expect_success GPG,RFC1991 \
 # try to sign with bad user.signingkey
 git config user.signingkey BobTheMouse
 test_expect_success GPG \
-       'git tag -s fails if gpg is misconfigured' \
+       'git tag -s fails if gpg is misconfigured (bad key)' \
        'test_must_fail git tag -s -m tail tag-gpg-failure'
 git config --unset user.signingkey
 
+# try to produce invalid signature
+git config gpg.program echo
+test_expect_success GPG \
+       'git tag -s fails if gpg is misconfigured (bad signature format)' \
+       'test_must_fail git tag -s -m tail tag-gpg-failure'
+git config --unset gpg.program
+
+
 # try to verify without gpg:
 
 rm -rf gpghome
-- 
2.9.0.382.g87fd384

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to