[Rpm-maint] [rpm-software-management/rpm] Require creation time to be unique and hashed (PR #1912)

Demi Marie Obenour notifications at github.com
Tue Feb 15 16:34:55 UTC 2022


@DemiMarie commented on this pull request.



> @@ -473,16 +473,15 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
 	    for (i = 1; i < plen; i++)
 		pgpPrtVal(" ", pgpKeyServerPrefsTbl, p[i]);
 	    break;
-	case PGPSUBTYPE_SIG_CREATE_TIME:
+	case PGPSUBTYPE_SIG_CREATE_TIME:  /* signature creation time */
+	    if (plen-1 != sizeof(_digp->time))
+		break; /* other lengths not understood */
+	    if (_digp->saved & PGPDIG_SAVED_TIME)
+		return 1; /* duplicate timestamps not allowed */
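
Review bot: the length check `if (plen-1 != sizeof(_digp->time))` ends in a plain `break`, while the duplicate check right after it returns 1, so a creation-time subpacket with an unexpected length is skipped rather than rejected and never reaches the `PGPDIG_SAVED_TIME` test. If the intent is that the creation time must be present exactly once, consider returning 1 on the length mismatch as well, or extend the "other lengths not understood" comment to say why ignoring such a subpacket is safe. The `plen-1` expression also assumes `plen` is at least 1 at this point; if nothing earlier in the function guarantees that, an explicit check would make the assumption visible.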

That is what [the `->saved = 0` is for.](https://github.com/rpm-software-management/rpm/pull/1912/files#diff-b4eac15fda646a3b73f5cd251f33387979eadc71ba52f769bd64b10bd877365cR604)
