"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Stefan Sperling <stsp@stsp.name>
Subject:
Re: Fix for GitHub's SSH signature verification
To:
Josh Rickmar <openbsd+lists@zettaport.com>
Cc:
gameoftrees@openbsd.org
Date:
Wed, 24 Aug 2022 15:32:01 +0200

Download raw body.

Thread
On Wed, Aug 24, 2022 at 08:58:45AM -0400, Josh Rickmar wrote:
> -----------------------------------------------
> commit 2a465cc117c93bb10bcdde96661dfd7cb34577ea (nul)
> from: Josh Rickmar <jrick@zettaport.com>
> date: Wed Aug 24 12:57:07 2022 UTC
>  
>  don't create signed tag objects with trailing NUL
>  
>  Although Git itself did not care, the superfluous NUL at the end of
>  the tag object was breaking GitHub's SSH signature detection.

Sure, ok.
 
> diff 374f69ddc0b897e90fa603748cac7859adac2769 2a465cc117c93bb10bcdde96661dfd7cb34577ea
> commit - 374f69ddc0b897e90fa603748cac7859adac2769
> commit + 2a465cc117c93bb10bcdde96661dfd7cb34577ea
> blob - 05652e3057827e3b2c8cc76f5e95d07a081979a7
> blob + a8d1928a0ff8a3d7b37172bb17dafe36f8e6b8e7
> --- lib/object_create.c
> +++ lib/object_create.c
> @@ -748,10 +748,7 @@ got_object_tag_create(struct got_object_id **id,
>  		err = buf_load_fd(&buf, out_fd);
>  		if (err)
>  			goto done;
> -		sig_len = buf_len(buf) + 1;
> -		err = buf_putc(buf, '\0');
> -		if (err)
> -			goto done;
> +		sig_len = buf_len(buf);
>  		if (close(out_fd) == -1) {
>  			err = got_error_from_errno("close");
>  			goto done;
> 
>