[Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)
Panu Matilainen
notifications at github.com
Thu Oct 24 06:25:54 UTC 2024
Okay, looks better, but there are a couple of further improvements to be made. This being security sensitive code, you'll want the logic to be as lean and mean and obvious as you possibly can.
There are two entirely separate cases here:
- no key, which can only return FAIL/NOKEY
- one or more matches, which can only return FAIL/OK
You'll want those in a top-level if-else so there's no doubt whatsoever: only one of them can execute, and keyptr can only be set by the latter. Which means "key" can and should move to a more local scope in the second. And for the no key case, it'd actually be a good idea to add an actual assert to make it 200% clear: it can never ever return OK.
Add that helper function around the pgpVerifySignature2() and lints collection as I suggested in the previous comment, it's not that it's a large amount of code but to prove a point: even the simple three lines differ here, the first one using a gcc-extension syntax. Plus it'll make the business logic stand out more by isolating the C strings management out of sight entirely.
The log output logic can probably be simplified a lot by realizing that if we get an OK, we can just wipe out any previous results away: with the above logic implemented, they can only be from non-matching keys and uninteresting if we found a match. So just do results.clear() if you got OK and then you can simply log any non-empty output.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2434402606
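
The control flow this review asks for, as an added example that is not part of the original e-mail or of rpm's code. It is a self-contained C++ model: `Rc`, `Key`, `Sig`, `rawVerify`, `verifyOne` and `keyringVerify` are hypothetical stand-ins, and the signature check is reduced to a string comparison.

```cpp
// Added illustration, not rpm's code: all type and function names are hypothetical.
#include <cassert>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>
enum Rc { RC_OK, RC_FAIL, RC_NOKEY };
struct Key { std::string keyid, material; };
struct Sig { std::string keyid, signer; bool wellformed; };

// Stand-in for the C-style verify call; lints come back as a malloc'ed string.
static Rc rawVerify(const Key *k, const Sig &s, char **lints) {
    Rc rc = RC_FAIL;
    if (s.wellformed) rc = !k ? RC_NOKEY : (k->material == s.signer ? RC_OK : RC_FAIL);
    std::string msg = (rc == RC_OK) ? std::string() : "keyid " + s.keyid + ": not verified";
    *lints = msg.empty() ? nullptr : strcpy((char *)malloc(msg.size() + 1), msg.c_str());
    return rc;
}

// Helper that keeps the C string handling out of the decision logic.
static Rc verifyOne(const Key *k, const Sig &s, std::vector<std::string> &results) {
    char *lints = nullptr;
    Rc rc = rawVerify(k, s, &lints);
    if (lints) results.emplace_back(lints);
    free(lints);
    return rc;
}

Rc keyringVerify(const std::vector<Key> &ring, const Sig &sig,
                 const Key **keyptr, std::vector<std::string> &results) {
    std::vector<const Key *> matches;
    for (const Key &k : ring)
        if (k.keyid == sig.keyid) matches.push_back(&k);
    Rc rc = RC_FAIL;
    *keyptr = nullptr;
    if (matches.empty()) {              // no key: FAIL or NOKEY only
        rc = verifyOne(nullptr, sig, results);
        assert(rc != RC_OK);
    } else {                            // one or more matches: FAIL or OK only
        for (const Key *key : matches) {
            rc = verifyOne(key, sig, results);
            if (rc == RC_OK) {
                *keyptr = key;
                results.clear();        // earlier lints came from non-matching keys
                break;
            }
        }
    }
    return rc;
}
```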