parse_signed_commit: really use the entire commit log message

... even beyond the first NUL in the buffer, when checking the commit
against the detached signature in the header.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/commit.c b/commit.c
index 93045a2cdae33426182c544e92ba0330133a10d7..09693f78d92c2851c2edb9e627f99ee4e7bfbf57 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -854,28 +854,31 @@ int parse_signed_commit(const unsigned char *sha1,
        unsigned long size;
        enum object_type type;
        char *buffer = read_sha1_file(sha1, &type, &size);
-       int in_header, saw_signature = -1;
-       char *line;
+       int saw_signature = -1;
+       char *line, *tail;
 
        if (!buffer || type != OBJ_COMMIT)
                goto cleanup;
 
        line = buffer;
-       in_header = 1;
+       tail = buffer + size;
        saw_signature = 0;
-       while (*line) {
-               char *next = strchrnul(line, '\n');
-               if (*next)
+       while (line < tail) {
+               char *next = memchr(line, '\n', tail - line);
+               if (!next)
+                       next = tail;
+               else
                        next++;
-               if (in_header && !prefixcmp(line, gpg_sig_header)) {
+               if (!prefixcmp(line, gpg_sig_header)) {
                        const char *sig = line + gpg_sig_header_len;
                        strbuf_add(signature, sig, next - sig);
                        saw_signature = 1;
                } else {
+                       if (*line == '\n')
+                               /* dump the whole remainder of the buffer */
+                               next = tail;
                        strbuf_add(payload, line, next - line);
                }
-               if (*line == '\n')
-                       in_header = 0;
                line = next;
        }
  cleanup:

diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 5c7475d818ee12157b98e88288dd5aad9b8be248..30401ced071c24aed5071442da1a9674bc7b7c7e 100755 (executable)
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -50,11 +50,22 @@ test_expect_success GPG 'show signatures' '
 
 test_expect_success GPG 'detect fudged signature' '
        git cat-file commit master >raw &&
-       sed -e "s/fourth signed/4th forged/" raw >forged &&
-       git hash-object -w -t commit forged >forged.commit &&
-       git show --pretty=short --show-signature $(cat forged.commit) >actual &&
-       grep "BAD signature from" actual &&
-       ! grep "Good signature from" actual
+
+       sed -e "s/fourth signed/4th forged/" raw >forged1 &&
+       git hash-object -w -t commit forged1 >forged1.commit &&
+       git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
+       grep "BAD signature from" actual1 &&
+       ! grep "Good signature from" actual1
+'
+
+test_expect_success GPG 'detect fudged signature with NUL' '
+       git cat-file commit master >raw &&
+       cat raw >forged2 &&
+       echo Qwik | tr "Q" "\000" >>forged2 &&
+       git hash-object -w -t commit forged2 >forged2.commit &&
+       git show --pretty=short --show-signature $(cat forged2.commit) >actual2 &&
+       grep "BAD signature from" actual2 &&
+       ! grep "Good signature from" actual2
 '
 
 test_done