On Wed, Jul 11, 2018 at 06:15:05PM +0200, Henning Schild wrote:
> > diff --git a/gpg-interface.c b/gpg-interface.c
> > index bf8d567a4c..139b0f561e 100644
> > --- a/gpg-interface.c
> > +++ b/gpg-interface.c
> > @@ -97,7 +97,7 @@ static void parse_gpg_output(struct signature_check
> > *sigc) sigc->key = xmemdupz(found, next - found);
> > /* The ERRSIG message is not followed by
> > signer information */ if (sigc-> result != 'E') {
> > - found = next + 1;
> > + found = *next ? next + 1 : next;
>
> This would keep us in bounds of the unexpected string. But ignore the
> line instead of "complaining" or crashing.
>
> But you are right, it is easy enough and ignoring the line is probably
> the best way of dealing with it.
>
> i will change the condition to
> > if (*next && sigc-> result != 'E')
>
> also skipping the following strchrnul and xmemdupz
That sounds good to me. Thanks.
-Peff
