[pacman-dev] [PATCH] Check for all return values of _alpm_key_in_keychain

[David Phillips]

This fixes a bug I encountered with a GPG keyring where the
key id used to locate a key in the keyring was ambiguous within
my keychain.

This commit ensures that all valid return values are checked to
catch this and related error cases rather than incorrectly taking
an error case to mean the key was found, since this is rarely going
to be the case.
---
 lib/libalpm/be_package.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index 7e8b7920..1891fa5a 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -754,10 +754,21 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
 				alpm_list_t *k;
 				for(k = keys; k; k = k->next) {
 					char *key = k->data;
-					if(_alpm_key_in_keychain(handle, key) == 0) {
-						if(_alpm_key_import(handle, key) == -1) {
+					switch(_alpm_key_in_keychain(handle, key)) {
+						case 1:
+							/* key is known; proceed */
+							break;
+						case 0:
+							/* key is unknown; attempt to import */
+							if(_alpm_key_import(handle, key) == -1) {
+								fail = 1;
+							}
+							break;
+						case -1:
+							/* error finding key in keychain */
+						default:
 							fail = 1;
-						}
+							break;
 					}
 				}
 				FREELIST(keys);
-- 
2.12.2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20170421/130ab80a/attachment.asc>