René Scharfe <l.s.r@xxxxxx> writes:
> @@ -620,17 +605,18 @@ static int constant_memequal(const char *a, const char *b, size_t n)
> for (i = 0; i < n; i++)
> res |= a[i] ^ b[i];
> return res;
> }
>
> -static const char *check_nonce(const char *buf, size_t len)
> +static const char *check_nonce(const char *buf)
> {
> - char *nonce = find_header(buf, len, "nonce", NULL);
> + size_t noncelen;
> + const char *found = find_commit_header(buf, "nonce", &noncelen);
> + char *nonce = found ? xmemdupz(found, noncelen) : NULL;
OK, the changes to this function are all quite trivially correct.
> timestamp_t stamp, ostamp;
> char *bohmac, *expect = NULL;
> const char *retval = NONCE_BAD;
> - size_t noncelen;
>
> if (!nonce) {
> retval = NONCE_MISSING;
> goto leave;
> } else if (!push_cert_nonce) {
> @@ -668,11 +654,10 @@ static const char *check_nonce(const char *buf, size_t len)
> if (bohmac == nonce || bohmac[0] != '-') {
> retval = NONCE_BAD;
> goto leave;
> }
>
> - noncelen = strlen(nonce);
> expect = prepare_push_cert_nonce(service_dir, stamp);
> if (noncelen != strlen(expect)) {
> /* This is not even the right size. */
> retval = NONCE_BAD;
> goto leave;
> @@ -765,11 +750,11 @@ static void prepare_push_cert_sha1(struct child_process *proc)
> sigcheck.payload = xmemdupz(push_cert.buf, bogs);
> sigcheck.payload_len = bogs;
> check_signature(&sigcheck, push_cert.buf + bogs,
> push_cert.len - bogs);
>
> - nonce_status = check_nonce(push_cert.buf, bogs);
> + nonce_status = check_nonce(sigcheck.payload);
Hmph. sigc->payload is used as a read-only member in
check_signature(), and the xmemdupz() copy we made earlier is
readily available as a replacement for the counted (push_cert.buf,
bogs) string. Very nice finding.
> }
> if (!is_null_oid(&push_cert_oid)) {
> strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
> oid_to_hex(&push_cert_oid));
> strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
> --
> 2.43.0
