Browse Source

Fix CVE-2018-12356 by hardening the regex. (#503)

0.16
jaykishan mutkawoa 7 years ago committed by Adrian Gallagher
parent
commit
2bce040c78
No known key found for this signature in database
GPG Key ID: FE3348877809386C
  1. 2
      contrib/verify-commits/gpg.sh

2
contrib/verify-commits/gpg.sh

@ -57,7 +57,7 @@ if ! $VALID; then @@ -57,7 +57,7 @@ if ! $VALID; then
exit 1
fi
if $VALID && $REVSIG; then
printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "^\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
echo "$GOODREVSIG"
else
printf '%s\n' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null

Loading…
Cancel
Save