summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libalpm/be_package.c7
-rw-r--r--lib/libalpm/be_sync.c7
-rw-r--r--lib/libalpm/signing.c24
-rw-r--r--lib/libalpm/signing.h3
4 files changed, 30 insertions, 11 deletions
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index b6cb8c4e..31a7297d 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -330,13 +330,18 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
/* even if we don't have a sig, run the check code if level tells us to */
if(has_sig || level & ALPM_SIG_PACKAGE) {
const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
+ alpm_siglist_t *siglist;
_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
if(_alpm_check_pgp_helper(handle, pkgfile, sig,
level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
- level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) {
+ level & ALPM_SIG_PACKAGE_UNKNOWN_OK, &siglist)) {
handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG;
+ alpm_siglist_cleanup(siglist);
+ free(siglist);
return -1;
}
+ alpm_siglist_cleanup(siglist);
+ free(siglist);
}
return 0;
diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c
index 7eb2539b..ef0f1ef4 100644
--- a/lib/libalpm/be_sync.c
+++ b/lib/libalpm/be_sync.c
@@ -70,6 +70,7 @@ static int sync_db_validate(alpm_db_t *db)
{
alpm_siglevel_t level;
const char *dbpath;
+ alpm_siglist_t *siglist;
if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) {
return 0;
@@ -102,10 +103,14 @@ static int sync_db_validate(alpm_db_t *db)
if(level & ALPM_SIG_DATABASE) {
if(_alpm_check_pgp_helper(db->handle, dbpath, NULL,
level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK,
- level & ALPM_SIG_DATABASE_UNKNOWN_OK)) {
+ level & ALPM_SIG_DATABASE_UNKNOWN_OK, &siglist)) {
db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
+ alpm_siglist_cleanup(siglist);
+ free(siglist);
return 1;
}
+ alpm_siglist_cleanup(siglist);
+ free(siglist);
}
valid:
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index bcc91046..7e05a237 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -435,15 +435,17 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
}
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
- const char *base64_sig, int optional, int marginal, int unknown)
+ const char *base64_sig, int optional, int marginal, int unknown,
+ alpm_siglist_t **sigdata)
{
- alpm_siglist_t siglist;
+ alpm_siglist_t *siglist;
int ret;
- memset(&siglist, 0, sizeof(alpm_siglist_t));
+ CALLOC(siglist, 1, sizeof(alpm_siglist_t),
+ RET_ERR(handle, ALPM_ERR_MEMORY, -1));
_alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path);
- ret = _alpm_gpgme_checksig(handle, path, base64_sig, &siglist);
+ ret = _alpm_gpgme_checksig(handle, path, base64_sig, siglist);
if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) {
if(optional) {
_alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n");
@@ -458,12 +460,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
/* ret will already be -1 */
} else {
size_t num;
- for(num = 0; !ret && num < siglist.count; num++) {
- switch(siglist.results[num].status) {
+ for(num = 0; !ret && num < siglist->count; num++) {
+ switch(siglist->results[num].status) {
case ALPM_SIGSTATUS_VALID:
case ALPM_SIGSTATUS_KEY_EXPIRED:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
- switch(siglist.results[num].validity) {
+ switch(siglist->results[num].validity) {
case ALPM_SIGVALIDITY_FULL:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n");
break;
@@ -495,7 +497,13 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
}
}
- alpm_siglist_cleanup(&siglist);
+ if(sigdata) {
+ *sigdata = siglist;
+ } else {
+ alpm_siglist_cleanup(siglist);
+ free(siglist);
+ }
+
return ret;
}
diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h
index 8e47b2cd..ee4a94a0 100644
--- a/lib/libalpm/signing.h
+++ b/lib/libalpm/signing.h
@@ -25,7 +25,8 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path);
int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
const char *base64_sig, alpm_siglist_t *result);
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
- const char *base64_sig, int optional, int marginal, int unknown);
+ const char *base64_sig, int optional, int marginal, int unknown,
+ alpm_siglist_t **sigdata);
#endif /* _ALPM_SIGNING_H */