summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gpg-interface.c2
-rwxr-xr-xt/t7004-tag.sh25
2 files changed, 27 insertions, 0 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index c6274c14af..127aecfc2b 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -1,4 +1,5 @@
#include "cache.h"
+#include "commit.h"
#include "config.h"
#include "run-command.h"
#include "strbuf.h"
@@ -366,6 +367,7 @@ int parse_signature(const char *buf, size_t size, struct strbuf *payload, struct
size_t match = parse_signed_buffer(buf, size);
if (match != size) {
strbuf_add(payload, buf, match);
+ remove_signature(payload);
strbuf_add(signature, buf + match, size - match);
return 1;
}
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index 05f411c821..6fb4e3cf11 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -17,6 +17,13 @@ tag_exists () {
git show-ref --quiet --verify refs/tags/"$1"
}
+test_expect_success 'setup' '
+ test_oid_cache <<-EOM
+ othersigheader sha1:gpgsig-sha256
+ othersigheader sha256:gpgsig
+ EOM
+'
+
test_expect_success 'listing all tags in an empty tree should succeed' '
git tag -l &&
git tag
@@ -1371,6 +1378,24 @@ test_expect_success GPG \
'test_config gpg.program echo &&
test_must_fail git tag -s -m tail tag-gpg-failure'
+# try to produce invalid signature
+test_expect_success GPG 'git verifies tag is valid with double signature' '
+ git tag -s -m tail tag-gpg-double-sig &&
+ git cat-file tag tag-gpg-double-sig >tag &&
+ othersigheader=$(test_oid othersigheader) &&
+ sed -ne "/^\$/q;p" tag >new-tag &&
+ cat <<-EOM >>new-tag &&
+ $othersigheader -----BEGIN PGP SIGNATURE-----
+ someinvaliddata
+ -----END PGP SIGNATURE-----
+ EOM
+ sed -e "1,/^tagger/d" tag >>new-tag &&
+ new_tag=$(git hash-object -t tag -w new-tag) &&
+ git update-ref refs/tags/tag-gpg-double-sig $new_tag &&
+ git verify-tag tag-gpg-double-sig &&
+ git fsck
+'
+
# try to sign with bad user.signingkey
test_expect_success GPGSM \
'git tag -s fails if gpgsm is misconfigured (bad key)' \