rugged icon indicating copy to clipboard operation
rugged copied to clipboard
verified publisher icon libgit2

Malformed signed_data from Commit#extract_signature

Open kevinoconnor7 opened this issue 9 years ago • 5 comments

I've been seeing weird behavior with Commit.extract_signature where I'm getting some garbage data at the end of the signed data string.

For example:

repo = Rugged::Repository.new('/tmp/test')
commit = '7cd86ea426f277276367bd955f312fcbadd7bc5d'

# Note: I can only reproduce the error if rev_parse is called first
repo.rev_parse(commit)
p Rugged::Commit.extract_signature(repo, commit)

As a result the signed_data portion of the returned array sometimes has a \n as the last character. However, I get seemingly random data in that last byte.

I was not able to reproduce this in the tests, however, I can reliably reproduce it if I create new repo locally, add a few signed commits, and then try to extract the signatures via rugged.

kevinoconnor7 avatar May 29 '16 00:05 kevinoconnor7

Hi! Thanks for reporting this - can you share the repo that you created that illustrates this problem?

ethomson avatar Jun 01 '16 15:06 ethomson

I reproduced it just creating a repo, touching a file, and committing it with a gpg signed commit. I did this process a few times and it reproduced consistently. If you cannot get it to reproduce doing that then I'll push a repo later today that reproduces the issue

kevinoconnor7 avatar Jun 01 '16 15:06 kevinoconnor7

I took another look today and I cannot get it to reproduce when creating a new repo, but this repo does demonstrate the issue: kevinoconnor7/malform-signature-test

This code:

require 'rugged'
repo = Rugged::Repository.new('/tmp/test')
commit = '7cd86ea426f277276367bd955f312fcbadd7bc5d'

repo.rev_parse(commit)
p Rugged::Commit.extract_signature(repo, commit)
p Rugged::Commit.extract_signature(repo, commit)
p Rugged::Commit.extract_signature(repo, commit)
p Rugged::Commit.extract_signature(repo, commit)
p Rugged::Commit.extract_signature(repo, commit)

produced:

["-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAABAgAGBQJXSik8AAoJEMUNS2x+QKQJ7JUIAMvo3ssUJt7DVEs6pUUqsl9H\n38JrrJCdJpiyl7fy/DymGyWOCxIz2ePwSny40bIUPM73iuWjGDFfai2HTRNUejDR\nPvI2fIUUzPfkXSzdCP2hvWhk9H90Mns9f8qlEnSGBr1qW18khCGJZLl3h19YHo0/\n2adzEDutGv6O/m+HNKgoR436MKsn6Wnu7IcdeOpbL/wFfuFAQ7coFuP8l879TIKq\nziS7296lB4KvMFFezKhBzVIguBjTQYNddEdmMFcPctSTUtleBvfne0y/FGprMU1D\nx3HW/m1j3pTyM3Il1WNhRXce+TxbYlyzOnMAD3t9dAGjP1onzf7YbWyur3s0DKw=\n=igJt\n-----END PGP SIGNATURE-----", "tree d2d6c400e0c2535f3c8a2dae8621707397807a84\nparent accffad46605d3fc79e9ecd1d2c42c1c61a0a596\nauthor Kevin O'Connor <[email protected]> 1464478006 -0400\ncommitter Kevin O'Connor <[email protected]> 1464478006 -0400\n\nAnother commit\n"]
["-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAABAgAGBQJXSik8AAoJEMUNS2x+QKQJ7JUIAMvo3ssUJt7DVEs6pUUqsl9H\n38JrrJCdJpiyl7fy/DymGyWOCxIz2ePwSny40bIUPM73iuWjGDFfai2HTRNUejDR\nPvI2fIUUzPfkXSzdCP2hvWhk9H90Mns9f8qlEnSGBr1qW18khCGJZLl3h19YHo0/\n2adzEDutGv6O/m+HNKgoR436MKsn6Wnu7IcdeOpbL/wFfuFAQ7coFuP8l879TIKq\nziS7296lB4KvMFFezKhBzVIguBjTQYNddEdmMFcPctSTUtleBvfne0y/FGprMU1D\nx3HW/m1j3pTyM3Il1WNhRXce+TxbYlyzOnMAD3t9dAGjP1onzf7YbWyur3s0DKw=\n=igJt\n-----END PGP SIGNATURE-----", "tree d2d6c400e0c2535f3c8a2dae8621707397807a84\nparent accffad46605d3fc79e9ecd1d2c42c1c61a0a596\nauthor Kevin O'Connor <[email protected]> 1464478006 -0400\ncommitter Kevin O'Connor <[email protected]> 1464478006 -0400\n\nAnother commit."]
["-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAABAgAGBQJXSik8AAoJEMUNS2x+QKQJ7JUIAMvo3ssUJt7DVEs6pUUqsl9H\n38JrrJCdJpiyl7fy/DymGyWOCxIz2ePwSny40bIUPM73iuWjGDFfai2HTRNUejDR\nPvI2fIUUzPfkXSzdCP2hvWhk9H90Mns9f8qlEnSGBr1qW18khCGJZLl3h19YHo0/\n2adzEDutGv6O/m+HNKgoR436MKsn6Wnu7IcdeOpbL/wFfuFAQ7coFuP8l879TIKq\nziS7296lB4KvMFFezKhBzVIguBjTQYNddEdmMFcPctSTUtleBvfne0y/FGprMU1D\nx3HW/m1j3pTyM3Il1WNhRXce+TxbYlyzOnMAD3t9dAGjP1onzf7YbWyur3s0DKw=\n=igJt\n-----END PGP SIGNATURE-----", "tree d2d6c400e0c2535f3c8a2dae8621707397807a84\nparent accffad46605d3fc79e9ecd1d2c42c1c61a0a596\nauthor Kevin O'Connor <[email protected]> 1464478006 -0400\ncommitter Kevin O'Connor <[email protected]> 1464478006 -0400\n\nAnother commit\n"]
["-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAABAgAGBQJXSik8AAoJEMUNS2x+QKQJ7JUIAMvo3ssUJt7DVEs6pUUqsl9H\n38JrrJCdJpiyl7fy/DymGyWOCxIz2ePwSny40bIUPM73iuWjGDFfai2HTRNUejDR\nPvI2fIUUzPfkXSzdCP2hvWhk9H90Mns9f8qlEnSGBr1qW18khCGJZLl3h19YHo0/\n2adzEDutGv6O/m+HNKgoR436MKsn6Wnu7IcdeOpbL/wFfuFAQ7coFuP8l879TIKq\nziS7296lB4KvMFFezKhBzVIguBjTQYNddEdmMFcPctSTUtleBvfne0y/FGprMU1D\nx3HW/m1j3pTyM3Il1WNhRXce+TxbYlyzOnMAD3t9dAGjP1onzf7YbWyur3s0DKw=\n=igJt\n-----END PGP SIGNATURE-----", "tree d2d6c400e0c2535f3c8a2dae8621707397807a84\nparent accffad46605d3fc79e9ecd1d2c42c1c61a0a596\nauthor Kevin O'Connor <[email protected]> 1464478006 -0400\ncommitter Kevin O'Connor <[email protected]> 1464478006 -0400\n\nAnother commit."]
["-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAABAgAGBQJXSik8AAoJEMUNS2x+QKQJ7JUIAMvo3ssUJt7DVEs6pUUqsl9H\n38JrrJCdJpiyl7fy/DymGyWOCxIz2ePwSny40bIUPM73iuWjGDFfai2HTRNUejDR\nPvI2fIUUzPfkXSzdCP2hvWhk9H90Mns9f8qlEnSGBr1qW18khCGJZLl3h19YHo0/\n2adzEDutGv6O/m+HNKgoR436MKsn6Wnu7IcdeOpbL/wFfuFAQ7coFuP8l879TIKq\nziS7296lB4KvMFFezKhBzVIguBjTQYNddEdmMFcPctSTUtleBvfne0y/FGprMU1D\nx3HW/m1j3pTyM3Il1WNhRXce+TxbYlyzOnMAD3t9dAGjP1onzf7YbWyur3s0DKw=\n=igJt\n-----END PGP SIGNATURE-----", "tree d2d6c400e0c2535f3c8a2dae8621707397807a84\nparent accffad46605d3fc79e9ecd1d2c42c1c61a0a596\nauthor Kevin O'Connor <[email protected]> 1464478006 -0400\ncommitter Kevin O'Connor <[email protected]> 1464478006 -0400\n\nAnother commit."]

kevinoconnor7 avatar Jun 04 '16 18:06 kevinoconnor7

This looks like we might not be properly filling in the buffer, since there is no period in that commit.

carlosmn avatar Jun 21 '16 05:06 carlosmn

This seems to be fixed starting with 0.26.0b4.

koffeinfrei avatar Jun 19 '17 15:06 koffeinfrei