1 files changed, 7 insertions, 10 deletions

diff --git a/src/usr.bin/signify/zsig.c b/src/usr.bin/signify/zsig.c
index 35ab0cd..e3533fd 100644
--- a/src/usr.bin/signify/zsig.c
+++ b/src/usr.bin/signify/zsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: zsig.c,v 1.16 2019/03/23 07:10:06 tedu Exp $ */
+/* $OpenBSD: zsig.c,v 1.18 2019/12/22 06:37:25 espie Exp $ */
 /*
  * Copyright (c) 2016 Marc Espie <espie@openbsd.org>
  *
@@ -180,8 +180,8 @@ zverify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
     const char *keytype)
 {
 	struct gzheader h;
-	size_t bufsize;
-	char *p, *meta;
+	size_t bufsize, len;
+	char *p;
 	uint8_t *bufend;
 	int fdin, fdout;
 
@@ -197,13 +197,13 @@ zverify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 	if (!(h.flg & FCOMMENT_FLAG))
 		errx(1, "unsigned gzip archive");
 	fake[8] = h.xflg;
+	len = h.endcomment-h.comment;
 
-	p = verifyzdata(h.comment, h.endcomment-h.comment, sigfile,
+	p = verifyzdata(h.comment, len, sigfile,
 	    pubkeyfile, keytype);
 
 	bufsize = MYBUFSIZE;
 
-	meta = p;
 #define BEGINS_WITH(x, y) memcmp((x), (y), sizeof(y)-1) == 0
 
 	while (BEGINS_WITH(p, "algorithm=SHA512/256") ||
@@ -216,14 +216,11 @@ zverify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 
 	if (*p != '\n')
 		errx(1, "invalid signature");
-	*(p++) = 0;
 
 	fdout = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
-	/* we don't actually copy the header, but put in a fake one with about
-	 * zero useful information.
-	 */
 	writeall(fdout, fake, sizeof fake, msgfile);
-	writeall(fdout, meta, p - meta, msgfile);
+	writeall(fdout, h.comment, len+1, msgfile);
+	*(p++) = 0;
 	copy_blocks(fdout, fdin, p, h.endcomment, bufsize, bufend);
 	free(h.buffer);
 	close(fdout);