Merge #13479: contrib: Fix CVE-2018-12356 by hardening the regex

9e2e5626da Fix CVE-2018-12356 by hardening the regex. (Loganaden Velvindron)

Pull request description:

  Detailed write-up here:
  https://neopg.io/blog/pass-signature-spoof/

Tree-SHA512: 2020474ff4c7b5e7f1bea932c63da62aca48d3dc6dcd04507afefad6c40f2977ed2d2916defe2e8e7936a2d498125c578077870147954a7af9b29b823cbb0b10
Wladimir J. van der Laan 2018-06-16 15:20:13 +02:00
commit fa2ea37940
No known key found for this signature in database
GPG key ID: 1E4AED62986CD25D


@ -57,7 +57,7 @@ if ! $VALID; then
exit 1
fi
if $VALID && $REVSIG; then
printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "^\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
echo "$GOODREVSIG"
else
printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
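
Review bot: The anchored pattern on the new grep line in the `$VALID && $REVSIG` branch still uses `\|` alternation, which is a GNU extension to basic regular expressions, and it does not pin what follows the keyword. Consider `grep -E '^\[GNUPG:\] (NEWSIG|SIG_ID|VALIDSIG)( |$)'` in single quotes, so the match is portable and a line must carry exactly one of the three keywords rather than anything that merely starts with one. Note also that `^` only rejects text placed before the prefix on the same line: the filter reads the same stdout stream as everything else gpg prints, so any full line beginning with `[GNUPG:] ` passes it. A short comment above the grep stating that assumption would help the next reader.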