[Pkg-privacy-commits] [msva-perl] 347/356: ensure that fingerprints returned from gpg are untainted when checked.

[Ximin Luo]

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch debian
in repository msva-perl.

commit a90072beedb93d0564aee21464630ebe98187f96
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Sat Jul 28 16:42:49 2012 -0400

    ensure that fingerprints returned from gpg are untainted when checked.
---
 Crypt/Monkeysphere/MSVA/MarginalUI.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Crypt/Monkeysphere/MSVA/MarginalUI.pm b/Crypt/Monkeysphere/MSVA/MarginalUI.pm
index 4ccf048..0bfe376 100755
--- a/Crypt/Monkeysphere/MSVA/MarginalUI.pm
+++ b/Crypt/Monkeysphere/MSVA/MarginalUI.pm
@@ -46,7 +46,8 @@
     }
 
     foreach my $keyfpr (@subvalid_key_fprs) {
-      my $fprx = sprintf('0x%.40s', $keyfpr->{fingerprint}->as_hex_string());
+      $keyfpr->{fingerprint}->as_hex_string() =~ /([[:xdigit:]]{0,40})/;
+      my $fprx = '0x' . $1;
       $logger->log('debug', "checking on %s\n", $fprx);
       foreach my $gpgkey ($gnupg->get_public_keys_with_sigs($fprx)) {
         $logger->log('debug', "found key %.40s\n", $gpgkey->fingerprint->as_hex_string);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/msva-perl.git