Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: git/git
base: 0cddd84c9f3e9c3d793ec93034ef679335f35e49
Choose a base ref
...
head repository: git/git
compare: 65db97b4fa6b03059f2f14f313e07ca799d4ef3f
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Nov 2, 2021

  1. gpg-interface: handle missing " with " gracefully in parse_ssh_output() 

    If the output of ssh-keygen starts with "Good \"git\" signature for ",
but is not followed by " with " for some reason, then parse_ssh_output()
uses -1 as the len parameter of xmemdupz(), which in turn will end the
program.  Reject the signature and carry on instead in that case.

Signed-off-by: René Scharfe <l.s.r@web.de>
Acked-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
    @rscharfe @gitster
    rscharfe authored and gitster committed Nov 2, 2021
    Copy the full SHA
    18b1850 View commit details
    Browse the repository at this point in the history

  2. gpg-interface: avoid buffer overrun in parse_ssh_output() 

    If the string "key" we found in the output of ssh-keygen happens to be
located at the very end of the line, then going four characters further
leaves us beyond the end of the string.  Explicitly search for the
space after "key" to handle a missing one gracefully.

Signed-off-by: René Scharfe <l.s.r@web.de>
Acked-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
    @rscharfe @gitster
    rscharfe authored and gitster committed Nov 2, 2021
    Copy the full SHA
    65db97b View commit details
    Browse the repository at this point in the history