forked from lix-project/lix
Merge pull request #2452 from ElvishJerricco/verify-sigs-overflow
Fix overflow when verifying signatures of content addressable paths
This commit is contained in:
commit
01bd66bf83
|
@ -120,7 +120,7 @@ struct CmdVerify : StorePathsCommand
|
||||||
for (auto sig : sigs) {
|
for (auto sig : sigs) {
|
||||||
if (sigsSeen.count(sig)) continue;
|
if (sigsSeen.count(sig)) continue;
|
||||||
sigsSeen.insert(sig);
|
sigsSeen.insert(sig);
|
||||||
if (info->checkSignature(publicKeys, sig))
|
if (validSigs < ValidPathInfo::maxSigs && info->checkSignature(publicKeys, sig))
|
||||||
validSigs++;
|
validSigs++;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
|
@ -62,6 +62,10 @@ outPathCA=$(IMPURE_VAR1=foo IMPURE_VAR2=bar nix-build ./fixed.nix -A good.0 --no
|
||||||
nix verify $outPathCA
|
nix verify $outPathCA
|
||||||
nix verify $outPathCA --sigs-needed 1000
|
nix verify $outPathCA --sigs-needed 1000
|
||||||
|
|
||||||
|
# Check that signing a content-addressed path doesn't overflow validSigs
|
||||||
|
nix sign-paths --key-file $TEST_ROOT/sk1 $outPathCA
|
||||||
|
nix verify -r $outPathCA --sigs-needed 1000 --trusted-public-keys $pk1
|
||||||
|
|
||||||
# Copy to a binary cache.
|
# Copy to a binary cache.
|
||||||
nix copy --to file://$cacheDir $outPath2
|
nix copy --to file://$cacheDir $outPath2
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue