[Rpm-maint] [rpm-software-management/rpm] Ignore subkeys that cannot sign (PR #1938)
Demi Marie Obenour
notifications at github.com
Thu Mar 24 14:05:28 UTC 2022
@DemiMarie commented on this pull request.
> + if (decodePkt(p, (pend - p), &pkt) ||
+ pkt.tag != PGPTAG_SIGNATURE ||
+ pgpPrtSig(0, pkt.body, pkt.blen, params) ||
+ params->sigtype != PGPSIGTYPE_SUBKEY_BINDING) {
+ pgpDigParamsFree(digps[count]);
+ break;
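Review bot: in the failure branch (`pgpDigParamsFree(digps[count]); break;`), `digps[count]` is freed but the slot is not cleared in the lines shown, so any later read of the array at that index would see a dangling pointer; assigning NULL to the slot right after the free would make that safe. The `break` also ends the loop silently on the first packet that fails any of the four conditions, so a short comment above the `if` saying which of them are expected to be unreachable, and why, would let a reader tell a defensive check from a real parse error path.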
All of these checks are defensive programming. If any of them fail, `pgpPrtParams()` should have already failed, since the subkey binding signature could not be verified.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1938#pullrequestreview-896672766
Message ID: <rpm-software-management/rpm/pull/1938/review/896672766 at github.com>