[Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)
Panu Matilainen
notifications at github.com
Thu Oct 24 06:42:35 UTC 2024
@pmatilai commented on this pull request.
>
- if (keyring && sig) {
+ if (sig && ctx) {
+ char *lints = NULL;
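Review bot: The new condition `if (sig && ctx)` no longer tests `keyring`, which the removed line did. If anything inside this block still dereferences the keyring, keep `keyring` in the condition, or add a comment stating why a non-NULL `ctx` guarantees a usable keyring.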
This will be moot once you add the wrapper around pgpVerifySignature2() which makes lints local, but this is another example of a variable in the wrong scope and in this case, dangerous: lints can be free'd and then accessed again later, but the pointer is not NULL'ed which is akin to leaving a booby trap in the code. Does pgpVerifySignature() *always* assign to the lints pointer when passed? Maybe it does, but if not then we can end up accessing freed memory. You don't want to rely on such a thing.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#pullrequestreview-2391454399
Message ID: <rpm-software-management/rpm/pull/3398/review/2391454399 at github.com>
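
The hazard raised in the review comment above, shown as an added example that is not rpm's code or part of the original message: an out-parameter that the callee only assigns on some paths, kept safe by scoping it to one attempt and resetting it after `free()`. The names `verify_stub`, `free_and_null` and `try_keys` are hypothetical, and the diagnostic string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a verifier with an optional "lints" out-parameter.
 * Like many C APIs, it writes *lints only on some paths. */
static int verify_stub(int key, char **lints)
{
    static const char msg[] = "weak digest";    /* constructed diagnostic */
    if (key < 0)
        return -1;                  /* early error: *lints is never touched */
    if ((key % 2) && lints) {
        *lints = malloc(sizeof(msg));
        if (*lints)
            memcpy(*lints, msg, sizeof(msg));
    }
    return key == 3 ? 0 : 1;        /* 0 means verified */
}

/* Free and reset together, so a later read sees NULL instead of a
 * dangling pointer. */
static void free_and_null(char **p)
{
    free(*p);
    *p = NULL;
}

/* Try each candidate key until one verifies. Returns the number of lint
 * messages reported; *ok is set to 1 if some key verified. */
int try_keys(const int *keys, size_t n, int *ok)
{
    int seen = 0;
    *ok = 0;
    for (size_t i = 0; i < n && !*ok; i++) {
        char *lints = NULL;         /* fresh for every attempt */
        int rc = verify_stub(keys[i], &lints);
        if (lints) {
            fprintf(stderr, "key %d: %s\n", keys[i], lints);
            seen++;
        }
        free_and_null(&lints);
        if (rc == 0)
            *ok = 1;
    }
    return seen;
}
```

With `lints` declared outside the loop and freed without the reset, the attempt that takes the early-error path would read the pointer freed by the previous attempt.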