make sure we don't generate a signature that's too long.

diff --git a/clients/moira/user.c b/clients/moira/user.c
index f1f377c86fa5dcc2706fa74518edb06f4207e49c..26a9ef4b2de62cd9da5c98c4d95e37cebf133c01 100644 (file)
--- a/clients/moira/user.c
+++ b/clients/moira/user.c
@@ -312,9 +312,22 @@ Bool name;
        if (i != GDSS_SUCCESS) {
            free(info[U_SIGNATURE]);
            info[U_SIGNATURE] = malloc(GDSS_Sig_Size() * 2);
+       sign_again:
            i = GDSS_Sign(temp_buf, strlen(temp_buf), info[U_SIGNATURE]);
            if (i != GDSS_SUCCESS)
              com_err(program_name, gdss2et(i), "Failed to create signature");
+           else {
+               unsigned char buf[256];
+               si.rawsig = buf;
+               i = GDSS_Verify(temp_buf, strlen(temp_buf),
+                               info[U_SIGNATURE], &si);
+               if (strlen(buf) > 68) {
+#ifdef DEBUG
+                   Put_message("Signature too long, trying again");
+#endif /* DEBUG */
+                   goto sign_again;
+               }
+           }
 #ifdef DEBUG
            Put_message("Made signature:");hex_dump(info[U_SIGNATURE]);
        } else {