Bug 795921 - Change MAR verification to use AND semantics for multiple signatures. r=bsmith
authorBrian R. Bondy <netzen@gmail.com>
Wed, 17 Oct 2012 09:39:42 -0400
changeset 110562 29f170efc8b72a2dc82b02f3d2c27c407d699aad
parent 110561 5a6a36d109d7eeb64cfe0bee5cab16290d093424
child 110563 ae0eca054da978be2c15a54c609724f7d1437b5c
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersbsmith
bugs795921
milestone19.0a1
Bug 795921 - Change MAR verification to use AND semantics for multiple signatures. r=bsmith
modules/libmar/verify/mar_verify.c
--- a/modules/libmar/verify/mar_verify.c
+++ b/modules/libmar/verify/mar_verify.c
@@ -235,17 +235,17 @@ mar_verify_signature_fp(FILE *fp,
   /* Check that we have less than the max amount of signatures so we don't
      waste too much of either updater's or signmar's time. */
   if (signatureCount > MAX_SIGNATURES) {
     fprintf(stderr, "ERROR: At most %d signatures can be specified.\n",
             MAX_SIGNATURES);
     return CryptoX_Error;
   }
 
-  for (i = 0; i < signatureCount && numVerified == 0; i++) {
+  for (i = 0; i < signatureCount && numVerified == i; i++) {
     /* Get the signature algorithm ID */
     if (fread(&signatureAlgorithmID, sizeof(uint32_t), 1, fp) != 1) {
       fprintf(stderr, "ERROR: Could not read signatures algorithm ID.\n");
       return CryptoX_Error;
     }
     signatureAlgorithmID = ntohl(signatureAlgorithmID);
   
     if (fread(&signatureLen, sizeof(uint32_t), 1, fp) != 1) {
@@ -288,22 +288,22 @@ mar_verify_signature_fp(FILE *fp,
         fprintf(stderr, "ERROR: Could not seek back to last signature.\n");
         return CryptoX_Error;
       }
     } else {
       free(extractedSignature);
     }
   }
 
-  /* If we reached here and we verified at least one 
+  /* If we reached here and we verified every
      signature, return success. */
-  if (numVerified > 0) {
+  if (numVerified == signatureCount) {
     return CryptoX_Success;
   } else {
-    fprintf(stderr, "ERROR: No signatures were verified.\n");
+    fprintf(stderr, "ERROR: Not all signatures were verified.\n");
     return CryptoX_Error;
   }
 }
 
 /**
  * Verifies if a specific signature ID matches the extracted signature.
  * 
  * @param  fp                   An opened MAR file handle