From d31eb5ca590699699b99dcb434c4f058bea4c90a Mon Sep 17 00:00:00 2001 Message-Id: From: Mark Wooding Date: Sun, 3 Jun 2018 10:30:49 +0100 Subject: [PATCH] progs/catsign.c; Verify equality of keys more directly. Organization: Straylight/Edgeware From: Mark Wooding Rather than comparing the two keys' `id' slots, just compare the pointers. It's not like we got them from different keyrings or anything. This makes it clear that we're checking that we really have the /same/ key, found by two different paths. Fortunately, this isn't a security problem: the code in `key/key-io.c' won't allow two keys with the same `id' value to exist in the same keyring. This change therefore doesn't have any observable effect. But, seeing as I just had a panic regarding a potential security hole in `tripe-keys', it's as well to make it clear what's actually going on. --- progs/catsign.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/progs/catsign.c b/progs/catsign.c index 671cea6e..accd592f 100644 --- a/progs/catsign.c +++ b/progs/catsign.c @@ -715,7 +715,7 @@ static int verify(int argc, char *argv[]) (unsigned long)s.keyid); exit(EXIT_FAILURE); } - if (kk && k->id != kk->id) { + if (kk && k != kk) { if (v.verb) { dstr_reset(&d); key_fulltag(k, &d); dstr_reset(&dd); key_fulltag(kk, &dd); -- [mdw]