verifyDSASignature() buffer & other fixes
authorPanu Matilainen <pmatilai@redhat.com>
Tue, 8 Apr 2008 10:27:59 +0000 (13:27 +0300)
committerPanu Matilainen <pmatilai@redhat.com>
Tue, 8 Apr 2008 10:27:59 +0000 (13:27 +0300)
- avoid stpcpy() into static sized buffer
- avoid potential sigp NULL-dereference

lib/signature.c

index c531e26..cf7aaf0 100644 (file)
@@ -1245,6 +1245,9 @@ verifyDSASignature(rpmts ts, char ** msg,
     const char *hdr;
     int sigver;
 
+    assert(msg != NULL);
+    *msg = NULL;
+
     hdr = (dig != NULL && dig->hdrsha1ctx == sha1ctx) ? _("Header ") : "";
     sigver = sigp !=NULL ? sigp->version : 0;
 
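Review bot: The added `assert(msg != NULL);` is compiled out when the file is built with NDEBUG, so in such a build the unconditional `*msg = NULL;` on the next line would dereference a NULL `msg` instead of stopping cleanly. On a signature-verification path, an explicit runtime guard that returns the function's failure result is sturdier than an assertion, for example `if (msg == NULL) return RPMRC_FAIL;`. The return type is not visible in this hunk, so the failure value should be confirmed against the signature. The function body starts before and continues after the hunk, so whether any caller passes NULL cannot be seen here. It would also help to document the contract above the function with a comment such as `/* msg must be non-NULL; on return *msg holds an allocated message the caller frees */`, which is presumably what the `rasprintf(msg, ...)` call near `exit:` implies.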
@@ -1314,7 +1317,6 @@ exit:
        rasprintf(msg, _("%sV%d DSA signature: %s\n"),
                  hdr, sigver, rpmSigString(res));
     }
-
     return res;
 }