"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Josh Rickmar <openbsd+lists@zettaport.com>
Subject:
Fix for GitHub's SSH signature verification
To:
gameoftrees@openbsd.org
Date:
Wed, 24 Aug 2022 08:58:45 -0400

Download raw body.

Thread
-----------------------------------------------
commit 2a465cc117c93bb10bcdde96661dfd7cb34577ea (nul)
from: Josh Rickmar <jrick@zettaport.com>
date: Wed Aug 24 12:57:07 2022 UTC
 
 don't create signed tag objects with trailing NUL
 
 Although Git itself did not care, the superfluous NUL at the end of
 the tag object was breaking GitHub's SSH signature detection.
 
diff 374f69ddc0b897e90fa603748cac7859adac2769 2a465cc117c93bb10bcdde96661dfd7cb34577ea
commit - 374f69ddc0b897e90fa603748cac7859adac2769
commit + 2a465cc117c93bb10bcdde96661dfd7cb34577ea
blob - 05652e3057827e3b2c8cc76f5e95d07a081979a7
blob + a8d1928a0ff8a3d7b37172bb17dafe36f8e6b8e7
--- lib/object_create.c
+++ lib/object_create.c
@@ -748,10 +748,7 @@ got_object_tag_create(struct got_object_id **id,
 		err = buf_load_fd(&buf, out_fd);
 		if (err)
 			goto done;
-		sig_len = buf_len(buf) + 1;
-		err = buf_putc(buf, '\0');
-		if (err)
-			goto done;
+		sig_len = buf_len(buf);
 		if (close(out_fd) == -1) {
 			err = got_error_from_errno("close");
 			goto done;