Merge branch 'sr/gpg-interface-stop-at-the-end' into maint

gitster · gitster · commit c5d81d7f5938 · 2019-07-29T12:38:17.000-07:00
A codepath that reads from GPG for signed object verification read
past the end of allocated buffer, which has been fixed.

* sr/gpg-interface-stop-at-the-end:
  gpg-interface: do not scan past the end of buffer
diff --git a/gpg-interface.c b/gpg-interface.c
@@ -116,6 +116,9 @@ static void parse_gpg_output(struct signature_check *sigc)
 	for (line = buf; *line; line = strchrnul(line+1, '\n')) {
 		while (*line == '\n')
 			line++;
+		if (!*line)
+			break;
+
 		/* Skip lines that don't start with GNUPG status */
 		if (!skip_prefix(line, "[GNUPG:] ", &line))
 			continue;
