verify: propagate error on corrupted .sig files

In case the signature file is corrupt, e.g. it could not be downloaded
successfully, the gnupg code just prints an error message but will not
return the error to the user. So we patch the code to return the error
and check the value in the calling code.
This commit is contained in:
Josef Söntgen 2018-02-22 15:04:13 +01:00 committed by Christian Helmuth
parent 65f1100453
commit 8dda68a1bd
3 changed files with 17 additions and 3 deletions

View File

@ -5,3 +5,5 @@ DOWNLOADS := gnupg.archive
URL(gnupg) := https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$(VERSION).tar.bz2
SHA(gnupg) := 732266e8888c6f41c084d043c7a0058332ff3580
DIR(gnupg) := src/app/gnupg
PATCHES := src/app/verify/patches/verify.patch

View File

@ -121,18 +121,19 @@ enum Gnupg_verify_result gnupg_verify_detached_signature(char const *pubkey_path
*/
int const orig_errors_seen = g10_errors_seen;
/*
* Call into GnuPG to verify the data with a detached signature. The
* 'verify_signatures' function indirectly calls 'get_pubkey' and
* 'get_pubkeyblock', which hand out our '_pubkey_packet'.
*/
char *file_names[2] = { strdup(sig_path), strdup(data_path) };
verify_signatures(ctrl, 2, file_names);
int const err = verify_signatures(ctrl, 2, file_names);
for (unsigned i = 0; i < 2; i++)
free(file_names[i]);
return (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
: GNUPG_VERIFY_SIGNATURE_INVALID;
return !err && (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
: GNUPG_VERIFY_SIGNATURE_INVALID;
}

View File

@ -0,0 +1,11 @@
--- src/app/gnupg/g10/verify.c.orig
+++ src/app/gnupg/g10/verify.c
@@ -116,7 +116,7 @@
log_error(_("the signature could not be verified.\n"
"Please remember that the signature file (.sig or .asc)\n"
"should be the first file given on the command line.\n") );
- rc = 0;
+ rc = 1;
}
leave: