fix: Header SHA1 was giving false positive.

CVS patchset: 5567
CVS date: 2002/07/21 22:37:14

diff --git a/lib/signature.c b/lib/signature.c
index 732be4f..78b134a 100644 (file)
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -976,7 +976,7 @@ verifySHA1Signature(const rpmts ts, /*@out@*/ char * t,
     (void) rpmDigestFinal(rpmDigestDup(sha1ctx),
                (void **)&SHA1, NULL, 1);
 
-    if (SHA1 == NULL || strlen(SHA1) != strlen(sig)) {
+    if (SHA1 == NULL || strlen(SHA1) != strlen(sig) || strcmp(SHA1, sig)) {
        res = RPMSIG_BAD;
        t = stpcpy(t, rpmSigString(res));
        t = stpcpy(t, " Expected(");