[Rpm-maint] [rpm-software-management/rpm] Require creation time to be unique and hashed (PR #1912)
Michael Schroeder
notifications at github.com
Tue Feb 15 13:52:10 UTC 2022
@mlschroe commented on this pull request.
> @@ -473,16 +473,15 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
for (i = 1; i < plen; i++)
pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
break;
- case PGPSUBTYPE_SIG_CREATE_TIME:
+ case PGPSUBTYPE_SIG_CREATE_TIME: /* signature creation time */
+ if (plen-1 != sizeof(_digp->time))
+ break; /* other lengths not understood */
+ if (_digp->saved & PGPDIG_SAVED_TIME)
+ return 1; /* duplicate timestamps not allowed */
Doesn't this break the parsing of pubkeys with more than one signature?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1912#pullrequestreview-883013309
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/1912/review/883013309 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220215/ef685258/attachment.html>
More information about the Rpm-maint
mailing list