@pmatilai commented on this pull request.
>
- if (keyring && sig) {
+ if (sig && ctx) {
+ char *lints = NULL;
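Review bot: the new condition `sig && ctx` no longer tests `keyring`, so if the body of this block still uses `keyring`, either keep that check or document that a non-NULL `ctx` guarantees a usable keyring. Separately, `char *lints = NULL;` is initialised only once, at the top of the block; if it is freed anywhere below, set it back to NULL right after the free, or declare it in the narrowest scope that calls the verifier.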

This will be moot once you add the wrapper around pgpVerifySignature2() which
makes lints local, but this is another example of a variable in the wrong scope
and in this case, dangerous: lints can be free'd and then accessed again later,
but the pointer is not NULL'ed which is akin to leaving a booby trap in the
code. Does pgpVerifySignature() *always* assign to the lints pointer when
passed? Maybe it does, but if not then we can end up accessing freed memory.
You don't want to rely on such a thing.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#pullrequestreview-2391454399
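The hazard raised in the review comment above, as an added C example that is not rpm code and not part of the original thread: a wrapper keeps `lints` local, so no stale pointer survives from one call to the next. `verify_sig`, `verify_and_report` and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical verifier (not rpm's API): like many C out-parameter
 * functions, it assigns *lints only when it has something to report. */
static int verify_sig(const char *sig, char **lints)
{
    if (strstr(sig, "weak") != NULL) {
        const char *text = "weak digest algorithm";
        if (lints != NULL) {
            *lints = malloc(strlen(text) + 1);   /* caller frees */
            if (*lints != NULL)
                strcpy(*lints, text);
        }
        return 1;
    }
    return 0;   /* clean signature: *lints is left untouched */
}

/* Wrapper that keeps lints local. A caller that instead shares one
 * `char *lints` across calls and frees it without resetting it would,
 * on the next clean signature, still hold the freed address and could
 * print or free it a second time. Here the pointer starts as NULL on
 * every call and never outlives it. Returns verify_sig()'s result and
 * copies any lint text into msg (empty string when there is none). */
static int verify_and_report(const char *sig, char *msg, size_t msglen)
{
    char *lints = NULL;
    int rc = verify_sig(sig, &lints);

    if (msglen > 0)
        snprintf(msg, msglen, "%s", lints ? lints : "");
    free(lints);            /* free(NULL) is a no-op */
    return rc;
}

int main(void)
{
    const char *sigs[] = { "weak-sha1-sig", "good-sig" };  /* constructed input */
    char msg[64];

    for (size_t i = 0; i < sizeof(sigs) / sizeof(sigs[0]); i++) {
        int rc = verify_and_report(sigs[i], msg, sizeof(msg));
        printf("%s: rc=%d lints=\"%s\"\n", sigs[i], rc, msg);
    }
    return 0;
}
```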