From: Gideon Jan-Wessel Redelinghuys <gjredelinghuys@gmail.com>
Date: Thu, 7 Jul 2011 00:49:03 +0000 (+1000)
Subject: crypto/openpgp: fixed dangerous use of for loop variable
X-Git-Tag: weekly.2011-07-07~11
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=582d6e5848e030564cc131d345e61c29ed936ec5;p=gostls13.git

crypto/openpgp: fixed dangerous use of for loop variable

In function readSignedMessage a pointer to for loop variable 'key' was incorrectly being assigned
to md.SignedBy. Changed so that md.SignedBy is pointing to the 'more correct' memory position.

R=golang-dev, r, agl
CC=golang-dev
https://golang.org/cl/4631088
---

diff --git a/src/pkg/crypto/openpgp/read.go b/src/pkg/crypto/openpgp/read.go
index 6830147524..d95f613c62 100644
--- a/src/pkg/crypto/openpgp/read.go
+++ b/src/pkg/crypto/openpgp/read.go
@@ -250,11 +250,12 @@ FindLiteralData:
 			md.IsSigned = true
 			md.SignedByKeyId = p.KeyId
 			keys := keyring.KeysById(p.KeyId)
-			for _, key := range keys {
+			for i, key := range keys {
 				if key.SelfSignature.FlagsValid && !key.SelfSignature.FlagSign {
 					continue
 				}
-				md.SignedBy = &key
+				md.SignedBy = &keys[i]
+				break
 			}
 		case *packet.LiteralData:
 			md.LiteralData = p