From: Colin Walters
Date: Tue, 18 Jul 2023 11:54:03 +0000 (-0400)
Subject: sign-ed25519: Don't set sk unless we've validated it
X-Git-Tag: archive/raspbian/2023.7-3+rpi1~1^2~9^2^2~48^2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=fc303da67d9f5998b7b996c37e4738313978d589;p=ostree.git

sign-ed25519: Don't set sk unless we've validated it

The semantics of this function now keep the key assigned even if we fail to validate it, which is ugly.

Only assign the key after verifying its length.
---
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index bbe10e87..f8b99e99 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -362,14 +362,15 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
 
 gsize n_elements = 0;
 
+ g_autofree guchar *secret_key_buf = NULL;
 if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_STRING))
 {
 const gchar *sk_ascii = g_variant_get_string (secret_key, NULL);
- sign->secret_key = g_base64_decode (sk_ascii, &n_elements);
+ secret_key_buf = g_base64_decode (sk_ascii, &n_elements);
 }
 else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
 {
- sign->secret_key
+ secret_key_buf
 = (guchar *)g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
 }
 else
@@ -380,6 +381,8 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
 if (!validate_length (n_elements, OSTREE_SIGN_ED25519_SECKEY_SIZE, error))
 return glnx_prefix_error (error, "Invalid ed25519 secret key");
 
+ sign->secret_key = g_steal_pointer (&secret_key_buf);
+
 return TRUE;
 }
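Review bot: In the first hunk's BYTESTRING branch, `secret_key_buf` is declared `g_autofree` but receives the pointer returned by `g_variant_get_fixed_array()`, which points into the GVariant's own data and is not owned by the caller; the `(guchar *)` cast hides the const. When `validate_length()` fails, the automatic cleanup will `g_free()` memory that belongs to the variant, and on success the second hunk's `g_steal_pointer()` stores that borrowed pointer in `sign->secret_key`, where it can outlive the variant. Copying the bytes keeps both paths sound: `const guchar *sk_data = g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));` followed by `secret_key_buf = g_memdup2 (sk_data, n_elements);` (or `g_memdup` if the minimum GLib predates `g_memdup2`). The function body begins before the first hunk, so how `sign->secret_key` is later released is not visible here and should be checked against this ownership change.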