During signature validation, do not store any state until entire validation

kommendorkapten · kommendorkapten · commit 9e8f8696c37a · 2022-06-21T07:40:17.000+02:00
is done.

Signed-off-by: Fredrik Skogman &lt;kommendorkapten@github.com&gt;
diff --git a/pkg/types/cose/v0.0.1/entry.go b/pkg/types/cose/v0.0.1/entry.go
@@ -239,15 +239,16 @@ func (v *V001Entry) validate() error {
 	if err != nil {
 		return err
 	}
-	v.sign1Msg = gocose.NewSign1Message()
-	if err := v.sign1Msg.UnmarshalCBOR(v.CoseObj.Message); err != nil {
+	sign1Msg := gocose.NewSign1Message()
+	if err := sign1Msg.UnmarshalCBOR(v.CoseObj.Message); err != nil {
 		return err
 	}
 
-	if err := v.sign1Msg.Verify(v.CoseObj.Data.Aad, bv); err != nil {
+	if err := sign1Msg.Verify(v.CoseObj.Data.Aad, bv); err != nil {
 		return err
 	}
 
+	v.sign1Msg = sign1Msg
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -239,15 +239,16 @@ func (v *V001Entry) validate() error {`
`239`	`239`	`if err != nil {`
`240`	`240`	`return err`
`241`	`241`	`}`
`242`		`- v.sign1Msg = gocose.NewSign1Message()`
`243`		`- if err := v.sign1Msg.UnmarshalCBOR(v.CoseObj.Message); err != nil {`
	`242`	`+ sign1Msg := gocose.NewSign1Message()`
	`243`	`+ if err := sign1Msg.UnmarshalCBOR(v.CoseObj.Message); err != nil {`
`244`	`244`	`return err`
`245`	`245`	`}`
`246`	`246`
`247`		`- if err := v.sign1Msg.Verify(v.CoseObj.Data.Aad, bv); err != nil {`
	`247`	`+ if err := sign1Msg.Verify(v.CoseObj.Data.Aad, bv); err != nil {`
`248`	`248`	`return err`
`249`	`249`	`}`
`250`	`250`
	`251`	`+ v.sign1Msg = sign1Msg`
`251`	`252`	`return nil`
`252`	`253`	`}`
`253`	`254`