At the moment signify(1) requires sigfiles to begin with 'untrusted
comment: '. Sometimes one wants to have no comment and just the signature
itself.

Index: signify.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.126
diff -u -p -r1.126 signify.c
--- signify.c   6 Oct 2016 22:38:25 -0000       1.126
+++ signify.c   11 Oct 2016 00:19:35 -0000
@@ -125,27 +125,33 @@ static size_t
 parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
     char *comment)
 {
-       char *commentend, *b64end;
+       char *linebegin, *lineend;

-       commentend = strchr(b64, '\n');
-       if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
-           memcmp(b64, COMMENTHDR, COMMENTHDRLEN) != 0)
-               errx(1, "invalid comment in %s; must start with '%s'",
-                   filename, COMMENTHDR);
-       *commentend = '\0';
-       if (comment) {
-               if (strlcpy(comment, b64 + COMMENTHDRLEN,
-                   COMMENTMAXLEN) >= COMMENTMAXLEN)
-                       errx(1, "comment too long");
+       linebegin = b64;
+       lineend = strchr(linebegin, '\n');
+       if (!lineend) {
+               errx(1, "not enough lines in %s", filename);
        }
-       if (!(b64end = strchr(commentend + 1, '\n')))
-               errx(1, "missing new line after base64 in %s", filename);
-       *b64end = '\0';
-       if (b64_pton(commentend + 1, buf, buflen) != buflen)
-               errx(1, "invalid base64 encoding in %s", filename);
+       if (lineend - linebegin > COMMENTHDRLEN &&
+           memcmp(b64, COMMENTHDR, COMMENTHDRLEN) == 0) {
+               *lineend = '\0';
+               if (comment) {
+                       if (strlcpy(comment, b64 + COMMENTHDRLEN,
+                       COMMENTMAXLEN) >= COMMENTMAXLEN)
+                               errx(1, "comment too long");
+               }
+               linebegin = lineend + 1;
+
+               if (!(lineend = strchr(linebegin, '\n')))
+                       errx(1, "missing new line after base64 in %s",
filename);
+       }
+
+       *lineend = '\0';
+       if (b64_pton(linebegin, buf, buflen) != buflen)
+               errx(1, "invalid base64 encoding or corrupted comment in
%s", filename);
        if (memcmp(buf, PKALG, 2) != 0)
                errx(1, "unsupported file %s", filename);
-       return b64end - b64 + 1;
+       return lineend - b64 + 1;
 }

 static void
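Review bot: On the new path where the first line does not start with COMMENTHDR, `comment` is never written, because the `strlcpy` into it now sits only inside the header branch. The callers are outside this hunk, but any caller that passes a buffer and reads it afterwards would presumably see whatever that buffer held before the call. I would clear it before the header check with `if (comment) comment[0] = '\0';` so both paths leave a defined, empty string. A short comment above parseb64file saying that the comment line is now optional, and that the return value is the offset just past the base64 line in either case, would make the relaxed format explicit to anyone reviewing the verification path.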
