[Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

Panu Matilainen notifications at github.com
Thu Oct 24 06:42:35 UTC 2024


@pmatilai commented on this pull request.



>  
-    if (keyring && sig) {
+    if (sig && ctx) {
+	char *lints = NULL;
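
Review bot: The new guard `if (sig && ctx)` drops the `keyring` test that the removed line had. If anything inside this block still uses `keyring` directly, keep it in the condition, or add a short comment saying why checking `ctx` is enough. On the added `char *lints = NULL;` line, the initialiser only covers the first use: any path in the block that frees `lints` should set it back to NULL, or the declaration should move into the narrowest scope that uses it.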

This will be moot once you add the wrapper around pgpVerifySignature2() which makes lints local, but this is another example of a variable in the wrong scope and in this case, dangerous: lints can be free'd and then accessed again later, but the pointer is not NULL'ed which is akin to leaving a booby trap in the code. Does pgpVerifySignature() *always* assign to the lints pointer when passed? Maybe it does, but if not then we can end up accessing freed memory. You don't want to rely on such a thing.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#pullrequestreview-2391454399
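
The hazard raised in the review comment above, as an added example that is not part of the original message or of the rpm code base: `verify_stub()` is a hypothetical stand-in, assumed to write its `lints` out-parameter only when it has something to report. `verify_one()` shows the wrapper shape with a call-local pointer, and `count_stale_reads()` models, without executing it, how often one shared, freed and never reset pointer would be read again.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical verifier (not an rpm API): writes *lints only for even
 * keys and leaves the caller's pointer untouched otherwise. */
static int verify_stub(int key, char **lints)
{
    if (lints && key % 2 == 0 && (*lints = malloc(5)) != NULL)
        strcpy(*lints, "lint"); /* constructed text, caller frees */
    return key > 0 ? 0 : -1;
}

/* Safe shape: lints is local to one call, starts as NULL and is freed
 * before it goes out of scope, so no stale value can survive. */
static int verify_one(int key, int *nlints)
{
    char *lints = NULL;
    int rc = verify_stub(key, &lints);
    if (lints) {
        (*nlints)++;
        free(lints);
    }
    return rc;
}

/* Model of the risky shape: with one lints variable shared by all calls
 * and freed without a reset, each later call that skips the assignment
 * leaves the caller reading (and freeing) a dangling pointer. */
static int count_stale_reads(const int *keys, int n)
{
    int dangling = 0, stale = 0;
    for (int i = 0; i < n; i++) {
        char *lints = NULL;
        verify_stub(keys[i], &lints);
        if (lints) {
            free(lints);
            dangling = 1;      /* a shared variable would now dangle */
        } else {
            stale += dangling; /* a shared variable would be read here */
        }
    }
    return stale;
}

int main(void)
{
    const int keys[] = {2, 3, 4, 5}; /* constructed input */
    return count_stale_reads(keys, 4) == 2 ? 0 : 1;
}
```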