Okay, looks better, but there are a couple of further improvements to be made.
This being security sensitive code, you'll want the logic to be as lean and
mean and obvious as you possibly can.

There are two entirely separate cases here:
- no key, which can only return FAIL/NOKEY
- one or more matches, which can only return FAIL/OK

You'll want those in a top-level if-else so there's no doubt whatsoever: only
one of them can execute, and keyptr can only be set by the latter. Which means
"key" can and should move to a more local scope in the second. And for the no
key case, it'd actually be a good idea to add an actual assert to make it 200%
clear: it can never ever return OK.

Add that helper function around the pgpVerifySignature2() and lints collection
as I suggested in the previous comment, it's not that it's a large amount of
code but to prove a point: even the simple three lines differ here, the first
one using a gcc-extension syntax. Plus it'll make the business logic stand out
more by isolating the C strings management out of sight entirely.

The log output logic can probably be simplified a lot by realizing that if we get
an OK, we can just wipe out any previous results away: with the above logic
implemented, they can only be from non-matching keys and uninteresting if we
found a match. So just do results.clear() if you got OK and then you can simply
log any non-empty output.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2434402606
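The control flow this review asks for, sketched as an added C++ example that is not code from the rpm pull request. `c_verify()` is a constructed stand-in for a C-style verifier such as pgpVerifySignature2(), and `Rc`, `Key`, `Sig`, `verify_one()` and `verify_sig()` are hypothetical names.

```cpp
#include <cassert>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

enum Rc { RC_OK, RC_FAIL, RC_NOKEY };        // stand-ins for the return codes
struct Key { const char *name; bool good; }; // hypothetical: "good" = verifies
struct Sig { bool wellformed; };             // hypothetical parsed signature
// Constructed stand-in verifier: returns a code plus a malloc'ed message.
static Rc c_verify(const Key *key, const Sig *sig, char **lints) {
    Rc rc = !sig->wellformed ? RC_FAIL : !key ? RC_NOKEY : key->good ? RC_OK : RC_FAIL;
    const char *msg = key ? key->name : "no key";
    *lints = rc == RC_OK ? nullptr : strcpy((char *)malloc(strlen(msg) + 1), msg);
    return rc;
}

// The helper: verifier call and C string handling live in exactly one place.
static Rc verify_one(const Key *key, const Sig &sig, std::vector<std::string> &results) {
    char *lints = nullptr;
    Rc rc = c_verify(key, &sig, &lints);
    if (lints) { results.emplace_back(lints); free(lints); }
    return rc;
}

static Rc verify_sig(const std::vector<Key> &matches, const Sig &sig,
                     const Key **keyptr, std::vector<std::string> &results) {
    Rc res = RC_FAIL;
    *keyptr = nullptr;
    if (matches.empty()) {                   // no key: FAIL or NOKEY only
        res = verify_one(nullptr, sig, results);
        assert(res != RC_OK);
    } else {                                 // one or more matches: FAIL or OK only
        for (const Key &key : matches) {     // "key" is local to this branch
            if (verify_one(&key, sig, results) != RC_OK) continue;
            res = RC_OK;
            *keyptr = &key;
            results.clear();                 // earlier output is from non-matching keys
            break;
        }
    }
    return res;
}

int main() {
    std::vector<Key> keys{{"stale", false}, {"current", true}}; // constructed input
    std::vector<std::string> out; const Key *k = nullptr;
    return verify_sig(keys, Sig{true}, &k, out) == RC_OK ? 0 : 1;
}
```

After `verify_sig()` returns, the caller can log whatever is left in `results` without checking the return code first.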