| 234 | } |
| 235 | |
| 236 | static void parse_gpg_output(struct signature_check *sigc) |
| 237 | { |
| 238 | const char *buf = sigc->gpg_status; |
| 239 | const char *line, *next; |
| 240 | int j; |
| 241 | int seen_exclusive_status = 0; |
| 242 | |
| 243 | /* Iterate over all lines */ |
| 244 | for (line = buf; *line; line = strchrnul(line+1, '\n')) { |
| 245 | while (*line == '\n') |
| 246 | line++; |
| 247 | if (!*line) |
| 248 | break; |
| 249 | |
| 250 | /* Skip lines that don't start with GNUPG status */ |
| 251 | if (!skip_prefix(line, "[GNUPG:] ", &line)) |
| 252 | continue; |
| 253 | |
| 254 | /* Iterate over all search strings */ |
| 255 | for (size_t i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) { |
| 256 | if (skip_prefix(line, sigcheck_gpg_status[i].check, &line)) { |
| 257 | /* |
| 258 | * GOODSIG, BADSIG etc. can occur only once for |
| 259 | * each signature. Therefore, if we had more |
| 260 | * than one then we're dealing with multiple |
| 261 | * signatures. We don't support them |
| 262 | * currently, and they're rather hard to |
| 263 | * create, so something is likely fishy and we |
| 264 | * should reject them altogether. |
| 265 | */ |
| 266 | if (sigcheck_gpg_status[i].flags & GPG_STATUS_EXCLUSIVE) { |
| 267 | if (seen_exclusive_status++) |
| 268 | goto error; |
| 269 | } |
| 270 | |
| 271 | if (sigcheck_gpg_status[i].result) |
| 272 | sigc->result = sigcheck_gpg_status[i].result; |
| 273 | /* Do we have key information? */ |
| 274 | if (sigcheck_gpg_status[i].flags & GPG_STATUS_KEYID) { |
| 275 | next = strchrnul(line, ' '); |
| 276 | replace_cstring(&sigc->key, line, next); |
| 277 | /* Do we have signer information? */ |
| 278 | if (*next && (sigcheck_gpg_status[i].flags & GPG_STATUS_UID)) { |
| 279 | line = next + 1; |
| 280 | next = strchrnul(line, '\n'); |
| 281 | replace_cstring(&sigc->signer, line, next); |
| 282 | } |
| 283 | } |
| 284 | |
| 285 | /* Do we have trust level? */ |
| 286 | if (sigcheck_gpg_status[i].flags & GPG_STATUS_TRUST_LEVEL) { |
| 287 | /* |
| 288 | * GPG v1 and v2 differs in how the |
| 289 | * TRUST_ lines are written. Some |
| 290 | * trust lines contain no additional |
| 291 | * space-separated information for v1. |
| 292 | */ |
| 293 | size_t trust_size = strcspn(line, " \n"); |
no test coverage detected