From d1df6be2e2babdc0e4fd01689ab630a747ebebc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20P=C3=B6hn?=
Date: Thu, 9 Apr 2026 15:45:19 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20publish:=20fix=20exit=20status?= =?UTF-8?q?=20integer=20overflow?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

publish.py currently uses the number of failed verifications as exit status. `sys.exit(failed)` Whenever the number of failed verification attempts is divisible by 256 the return status is 0. exit status 0 however conveys that there were no errors, so as long as an attacker can controll the number of verification failures they can use this to turn off verification alltogether.
---
 fdroidserver/publish.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fdroidserver/publish.py b/fdroidserver/publish.py
index 42945166..b6c0009a 100644
--- a/fdroidserver/publish.py
+++ b/fdroidserver/publish.py
@@ -471,7 +471,7 @@ def main():
     if failed:
         logging.error(_('%d APKs failed to be signed or verified!') % failed)
         if options.error_on_failed:
-            sys.exit(failed)
+            sys.exit(1)
 
 
 if __name__ == "__main__":
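Review bot: The new `sys.exit(1)` at the end of the hunk carries no comment on why the failure count is no longer returned, so a later cleanup could restore `sys.exit(failed)` and silently reintroduce the wrap-to-zero described in the commit message; add above it `# Exit status is truncated to 8 bits, so a failure count could wrap to 0 (= success); always use a fixed non-zero code.`. Note also that the non-zero exit still depends on `options.error_on_failed`: when that flag is off, failed verifications are only logged via `logging.error` and the process exits 0, so if the flag defaults to off (not visible in this hunk) callers and CI cannot rely on the exit status alone, which is worth stating in the option's help text. `main()` begins before the hunk.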