Fix CVE-2018-12356 by hardening the regex.

binariumpay · Jun 18, 2018 · 6ceb0bb · 6ceb0bb
1 parent ea230e7
commit 6ceb0bb
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh
@@ -26,7 +26,7 @@ if ! $VALID; then
 	exit 1
 fi
 if $VALID && $REVSIG; then
-	echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
+	echo "$INPUT" | gpg --trust-model always "$@" | grep "^\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
 	echo "$GOODREVSIG"
 else
 	echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null