summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/gpgv.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2019-01-28 18:17:00 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2019-01-28 18:17:00 +0100
commitc8350b2b0b77bacf6a1b42eade20002546baac3a (patch)
tree65dfe07fef6bbfba02a22eae95a35f8a4235d57f /apt-pkg/contrib/gpgv.cc
parent73e3459689c05cd62f15c29d2faddb0fc215ef5e (diff)
Explicitly remove the whitespaces defined by RFC
RFC 4880 section 7.1 "Dash-Escaped Text" at the end defines that only space and tab are allowed, so we should remove only these even if due to use complaining (or now failing) you can't really make use of it. Note that strrstrip was removing '\r\n\t ', not other whitespaces like \v or \f and another big reason to do it explicitly here now is to avoid that a future change adding those could have unintended consequences.
Diffstat (limited to 'apt-pkg/contrib/gpgv.cc')
-rw-r--r--apt-pkg/contrib/gpgv.cc24
1 files changed, 20 insertions, 4 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 054b815fb..087862b70 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -28,6 +28,20 @@
#include <apti18n.h>
/*}}}*/
+// a "normal" find_last_not_of returns npos if not found
+static int find_last_not_of_length(char * const buffer, APT::StringView const bad)
+{
+ if (buffer == nullptr)
+ return 0;
+ int result = strlen(buffer) - 1;
+ while (result >= 0)
+ {
+ if (std::find(bad.begin(), bad.end(), buffer[result]) == bad.end())
+ break;
+ --result;
+ }
+ return result + 1;
+}
static bool GetLineErrno(std::unique_ptr<char, decltype(&free)> &buffer, size_t *n, FILE *stream, std::string const &InFile, bool acceptEoF = false)/*{{{*/
{
errno = 0;
@@ -42,10 +56,12 @@ static bool GetLineErrno(std::unique_ptr<char, decltype(&free)> &buffer, size_t
return false;
return _error->Error("Splitting of clearsigned file %s failed as it doesn't contain all expected parts", InFile.c_str());
}
- // We remove all whitespaces including newline here as
- // a) gpgv ignores them for signature
- // b) we can write out a \n in code later instead of dealing with \r\n or not
- _strrstrip(buffer.get());
+ // a) remove newline characters, so we can work consistently with lines
+ auto line_length = find_last_not_of_length(buffer.get(), "\n\r");
+ buffer.get()[line_length] = '\0';
+ // b) remove trailing whitespaces as defined by rfc4880 ยง7.1
+ line_length = find_last_not_of_length(buffer.get(), " \t");
+ buffer.get()[line_length] = '\0';
return true;
}
/*}}}*/