Prevent segfaulting verifying "lightweight" tags

From:: Stefan Sperling <stsp@stsp.name>
Subject:: Re: Prevent segfaulting verifying "lightweight" tags
To:: Josh Rickmar <openbsd+lists@zettaport.com>
Cc:: gameoftrees@openbsd.org
Date:: Fri, 2 Sep 2022 16:00:35 +0200

Download raw body.

Thread

2022-09-02 13:51 Josh Rickmar:
Prevent segfaulting verifying "lightweight" tags
- 2022-09-02 14:00 Stefan Sperling:
  Prevent segfaulting verifying "lightweight" tags

On Fri, Sep 02, 2022 at 09:51:27AM -0400, Josh Rickmar wrote:
> Every day is a surprise with git.

Thanks, ok by me

> diff /home/jrick/src/got
> commit - 40831471082f880a26b73987b595a52dc1c93794
> path + /home/jrick/src/got
> blob - f9bcb1bca8436bc052e3bdeab3be53a13add0a61
> file + got/got.c
> --- got/got.c
> +++ got/got.c
> @@ -7043,7 +7043,7 @@ list_tags(struct got_repository *repo, const char *tag
>  				break;
>  		}
>  
> -		if (verify_tags) {
> +		if (tag && verify_tags) {
>  			ssh_sig = got_sigs_get_tagmsg_ssh_signature(
>  			    got_object_tag_get_message(tag));
>  			if (ssh_sig && allowed_signers == NULL) {
> blob - bff93134d3aa7848b5554c7e85bc8e677b51c82d
> file + regress/cmdline/tag.sh
> --- regress/cmdline/tag.sh
> +++ regress/cmdline/tag.sh
> @@ -244,6 +244,9 @@ test_tag_list_lightweight() {
>  
>  	got tag -r $testroot/repo -l > $testroot/stdout
>  
> +	# test signature validation ignoring lightweight tags
> +	got tag -r $testroot/repo -V > $testroot/stdout
> +
>  	echo "-----------------------------------------------" \
>  		> $testroot/stdout.expected
>  	echo "tag $tag2 $tag_id2" >> $testroot/stdout.expected
> 
>

2022-09-02 13:51 Josh Rickmar:
Prevent segfaulting verifying "lightweight" tags
- 2022-09-02 14:00 Stefan Sperling:
  Prevent segfaulting verifying "lightweight" tags