From fc303da67d9f5998b7b996c37e4738313978d589 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Tue, 18 Jul 2023 07:54:03 -0400
Subject: [PATCH] sign-ed25519: Don't set sk unless we've validated it
The semantics of this function now keep the key assigned even if we fail to validate it, which is ugly. Only assign the key after verifying its length.
---
 src/libostree/ostree-sign-ed25519.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/libostree/ostree-sign-ed25519.c b/src/libostree/ostree-sign-ed25519.c
index bbe10e87..f8b99e99 100644
--- a/src/libostree/ostree-sign-ed25519.c
+++ b/src/libostree/ostree-sign-ed25519.c
@@ -362,14 +362,15 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
 gsize n_elements = 0;
+ g_autofree guchar *secret_key_buf = NULL;
 if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_STRING))
 {
 const gchar *sk_ascii = g_variant_get_string (secret_key, NULL);
- sign->secret_key = g_base64_decode (sk_ascii, &n_elements);
+ secret_key_buf = g_base64_decode (sk_ascii, &n_elements);
 }
 else if (g_variant_is_of_type (secret_key, G_VARIANT_TYPE_BYTESTRING))
 {
- sign->secret_key
+ secret_key_buf
 = (guchar *)g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));
 }
 else
@@ -380,6 +381,8 @@ ostree_sign_ed25519_set_sk (OstreeSign *self, GVariant *secret_key, GError **err
 if (!validate_length (n_elements, OSTREE_SIGN_ED25519_SECKEY_SIZE, error))
 return glnx_prefix_error (error, "Invalid ed25519 secret key");
+ sign->secret_key = g_steal_pointer (&secret_key_buf);
+
 return TRUE;
 }
--
2.30.2
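Review bot: In the first hunk `secret_key_buf` is declared `g_autofree`, but the `G_VARIANT_TYPE_BYTESTRING` branch assigns it the result of `g_variant_get_fixed_array()`, which points into the GVariant's own data and is not owned by the caller. If `validate_length()` then fails in the second hunk, the scope cleanup calls `g_free()` on that borrowed pointer, so a wrong-length bytestring key becomes an invalid free. On success `sign->secret_key` still refers to memory that lives only as long as the variant does. Copy the bytes in that branch so both branches hand over an owned buffer: `const guchar *borrowed = g_variant_get_fixed_array (secret_key, &n_elements, sizeof (guchar));` followed by `secret_key_buf = g_memdup2 (borrowed, n_elements);` (or the project's equivalent copy helper if it must build against GLib older than 2.68). The function begins above the first hunk, so whether a previously set `sign->secret_key` is cleared before the new assignment cannot be confirmed from here.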