minisign/minisign-gpg.fail-minisign.patch

From 6c5987575002b7b636f35120fa819fa990248898 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 29 Dec 2025 23:03:30 +0100
Subject: [PATCH] Bail out if the signature file contains unprintable
 characters

Spotted by @two-heart, thanks!
---
 src/minisign.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/src/minisign.c b/src/minisign.c
index 0444716..8f82304 100644
--- a/src/minisign.c
+++ b/src/minisign.c
@@ -72,6 +72,58 @@ usage(void)
     exit(2);
 }
 
+static int
+is_printable(const char *str)
+{
+    const unsigned char *p = (const unsigned char *) (const void *) str;
+
+    while (*p != 0U) {
+        const unsigned char c = *p++;
+
+        if (c == '\t') {
+            continue;
+        } else if (c >= 0x20U && c <= 0x7eU) {
+            continue;
+        } else if (c < 0x20U || c == 0x7fU) {
+            return 0;
+        } else {
+            size_t   need;
+            size_t   i;
+            uint32_t cp;
+
+            if (c >= 0xc2U && c <= 0xdfU) {
+                need = 1U;
+            } else if (c >= 0xe0U && c <= 0xefU) {
+                need = 2U;
+            } else if (c >= 0xf0U && c <= 0xf4U) {
+                need = 3U;
+            } else {
+                return 0;
+            }
+            for (i = 1U; i <= need; i++) {
+                const unsigned char cc = p[i - 1U];
+
+                if (cc == 0U || (cc & 0xc0U) != 0x80U) {
+                    return 0;
+                }
+            }
+            if ((c == 0xe0U && p[0] < 0xa0U) || (c == 0xedU && p[0] > 0x9fU) ||
+                (c == 0xf0U && p[0] < 0x90U) || (c == 0xf4U && p[0] > 0x8fU)) {
+                return 0;
+            }
+            cp = (uint32_t) (c & (need == 1U ? 0x1fU : need == 2U ? 0x0fU : 0x07U));
+            for (i = 1U; i <= need; i++) {
+                cp = (cp << 6) | (uint32_t) (p[i - 1U] & 0x3fU);
+            }
+            if (cp <= 0x1fU || (cp >= 0x7fU && cp <= 0x9fU)) {
+                return 0;
+            }
+            p += need;
+        }
+    }
+    return 1;
+}
+
 static unsigned char *
 message_load_hashed(size_t *message_len, const char *message_file)
 {
@@ -201,6 +253,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
     if (trim(trusted_comment) == 0) {
         exit_msg("Trusted comment too long");
     }
+    if (is_printable(trusted_comment) == 0) {
+        exit_msg("Signature file contains unprintable characters");
+    }
     global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U;
     global_sig_s      = xmalloc(global_sig_s_size);
     if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) {