From c8350b2b0b77bacf6a1b42eade20002546baac3a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 28 Jan 2019 18:17:00 +0100 Subject: Explicitly remove the whitespaces defined by RFC RFC 4880 section 7.1 "Dash-Escaped Text" at the end defines that only space and tab are allowed, so we should remove only these even if due to use complaining (or now failing) you can't really make use of it. Note that strrstrip was removing '\r\n\t ', not other whitespaces like \v or \f and another big reason to do it explicitly here now is to avoid that a future change adding those could have unintended consequences. --- apt-pkg/contrib/gpgv.cc | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index 054b815fb..087862b70 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -28,6 +28,20 @@ #include /*}}}*/ +// a "normal" find_last_not_of returns npos if not found +static int find_last_not_of_length(char * const buffer, APT::StringView const bad) +{ + if (buffer == nullptr) + return 0; + int result = strlen(buffer) - 1; + while (result >= 0) + { + if (std::find(bad.begin(), bad.end(), buffer[result]) == bad.end()) + break; + --result; + } + return result + 1; +} static bool GetLineErrno(std::unique_ptr &buffer, size_t *n, FILE *stream, std::string const &InFile, bool acceptEoF = false)/*{{{*/ { errno = 0; @@ -42,10 +56,12 @@ static bool GetLineErrno(std::unique_ptr &buffer, size_t return false; return _error->Error("Splitting of clearsigned file %s failed as it doesn't contain all expected parts", InFile.c_str()); } - // We remove all whitespaces including newline here as - // a) gpgv ignores them for signature - // b) we can write out a \n in code later instead of dealing with \r\n or not - _strrstrip(buffer.get()); + // a) remove newline characters, so we can work consistently with lines + auto line_length = find_last_not_of_length(buffer.get(), "\n\r"); + buffer.get()[line_length] = '\0'; + // b) remove trailing whitespaces as defined by rfc4880 ยง7.1 + line_length = find_last_not_of_length(buffer.get(), " \t"); + buffer.get()[line_length] = '\0'; return true; } /*}}}*/ -- cgit v1.2.3