diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index b6cb8c4e..31a7297d 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -330,13 +330,18 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle, /* even if we don't have a sig, run the check code if level tells us to */ if(has_sig || level & ALPM_SIG_PACKAGE) { const char *sig = syncpkg ? syncpkg->base64_sig : NULL; + alpm_siglist_t *siglist; _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : ""); if(_alpm_check_pgp_helper(handle, pkgfile, sig, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, - level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) { + level & ALPM_SIG_PACKAGE_UNKNOWN_OK, &siglist)) { handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; + alpm_siglist_cleanup(siglist); + free(siglist); return -1; } + alpm_siglist_cleanup(siglist); + free(siglist); } return 0; diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 7eb2539b..ef0f1ef4 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -70,6 +70,7 @@ static int sync_db_validate(alpm_db_t *db) { alpm_siglevel_t level; const char *dbpath; + alpm_siglist_t *siglist; if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) { return 0; @@ -102,10 +103,14 @@ static int sync_db_validate(alpm_db_t *db) if(level & ALPM_SIG_DATABASE) { if(_alpm_check_pgp_helper(db->handle, dbpath, NULL, level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK, - level & ALPM_SIG_DATABASE_UNKNOWN_OK)) { + level & ALPM_SIG_DATABASE_UNKNOWN_OK, &siglist)) { db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG; + alpm_siglist_cleanup(siglist); + free(siglist); return 1; } + alpm_siglist_cleanup(siglist); + free(siglist); } valid: diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index bcc91046..7e05a237 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -435,15 +435,17 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path) } int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, - const char *base64_sig, int optional, int marginal, int unknown) + const char *base64_sig, int optional, int marginal, int unknown, + alpm_siglist_t **sigdata) { - alpm_siglist_t siglist; + alpm_siglist_t *siglist; int ret; - memset(&siglist, 0, sizeof(alpm_siglist_t)); + CALLOC(siglist, 1, sizeof(alpm_siglist_t), + RET_ERR(handle, ALPM_ERR_MEMORY, -1)); _alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path); - ret = _alpm_gpgme_checksig(handle, path, base64_sig, &siglist); + ret = _alpm_gpgme_checksig(handle, path, base64_sig, siglist); if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) { if(optional) { _alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n"); @@ -458,12 +460,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, /* ret will already be -1 */ } else { size_t num; - for(num = 0; !ret && num < siglist.count; num++) { - switch(siglist.results[num].status) { + for(num = 0; !ret && num < siglist->count; num++) { + switch(siglist->results[num].status) { case ALPM_SIGSTATUS_VALID: case ALPM_SIGSTATUS_KEY_EXPIRED: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n"); - switch(siglist.results[num].validity) { + switch(siglist->results[num].validity) { case ALPM_SIGVALIDITY_FULL: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n"); break; @@ -495,7 +497,13 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, } } - alpm_siglist_cleanup(&siglist); + if(sigdata) { + *sigdata = siglist; + } else { + alpm_siglist_cleanup(siglist); + free(siglist); + } + return ret; } diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h index 8e47b2cd..ee4a94a0 100644 --- a/lib/libalpm/signing.h +++ b/lib/libalpm/signing.h @@ -25,7 +25,8 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path); int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, const char *base64_sig, alpm_siglist_t *result); int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, - const char *base64_sig, int optional, int marginal, int unknown); + const char *base64_sig, int optional, int marginal, int unknown, + alpm_siglist_t **sigdata); #endif /* _ALPM_SIGNING_H */