From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 3 Jun 2018 09:30:49 +0000 (+0100)
Subject: progs/catsign.c; Verify equality of keys more directly.
X-Git-Tag: 2.4.2~11
X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/commitdiff_plain/d31eb5ca590699699b99dcb434c4f058bea4c90a

progs/catsign.c; Verify equality of keys more directly.

Rather than comparing the two keys' `id' slots, just compare the
pointers.  It's not like we got them from different keyrings or
anything.  This makes it clear that we're checking that we really have
the /same/ key, found by two different paths.

Fortunately, this isn't a security problem: the code in `key/key-io.c'
won't allow two keys with the same `id' value to exist in the same
keyring.  This change therefore doesn't have any observable effect.
But, seeing as I just had a panic regarding a potential security hole in
`tripe-keys', it's as well to make it clear what's actually going on.
---

diff --git a/progs/catsign.c b/progs/catsign.c
index 671cea6e..accd592f 100644
--- a/progs/catsign.c
+++ b/progs/catsign.c
@@ -715,7 +715,7 @@ static int verify(int argc, char *argv[])
 		       (unsigned long)s.keyid);
     exit(EXIT_FAILURE);
   }
-  if (kk && k->id != kk->id) {
+  if (kk && k != kk) {
     if (v.verb) {
       dstr_reset(&d); key_fulltag(k, &d);
       dstr_reset(&dd); key_fulltag(kk, &dd);