Merge branch 'sr/gpg-interface-stop-at-the-end'

A codepath that reads from GPG for signed object verification read past the end of allocated buffer, which has been fixed. * sr/gpg-interface-stop-at-the-end: gpg-interface: do not scan past the end of buffer
gitgitgadget · Jul 25, 2019 · 984da7f · 984da7f
2 parents a5194d8 + 64c45dc
commit 984da7f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/gpg-interface.c b/gpg-interface.c
@@ -116,6 +116,9 @@ static void parse_gpg_output(struct signature_check *sigc)
 	for (line = buf; *line; line = strchrnul(line+1, '\n')) {
 		while (*line == '\n')
 			line++;
+		if (!*line)
+			break;
+
 		/* Skip lines that don't start with GNUPG status */
 		if (!skip_prefix(line, "[GNUPG:] ", &line))
 			continue;