From 060ec30e1ccf25e6c03140098b82d5cb13b6fcac Mon Sep 17 00:00:00 2001
From: Federico Fissore <f.fissore@arduino.cc>
Date: Tue, 5 May 2015 08:49:01 +0200
Subject: [PATCH] GPGSignatureVerification: better error handling when reading
 signature

---
 .../contributions/GPGDetachedSignatureVerifier.java   | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/arduino-core/src/cc/arduino/contributions/GPGDetachedSignatureVerifier.java b/arduino-core/src/cc/arduino/contributions/GPGDetachedSignatureVerifier.java
index cd64d59e6..2b23c3387 100644
--- a/arduino-core/src/cc/arduino/contributions/GPGDetachedSignatureVerifier.java
+++ b/arduino-core/src/cc/arduino/contributions/GPGDetachedSignatureVerifier.java
@@ -58,7 +58,16 @@ public class GPGDetachedSignatureVerifier {
       signatureInputStream = new FileInputStream(signature);
       PGPObjectFactory pgpObjectFactory = new PGPObjectFactory(signatureInputStream, new BcKeyFingerprintCalculator());
 
-      PGPSignatureList pgpSignatureList = (PGPSignatureList) pgpObjectFactory.nextObject();
+      Object nextObject;
+      try {
+        nextObject = pgpObjectFactory.nextObject();
+        if (!(nextObject instanceof PGPSignatureList)) {
+          return false;
+        }
+      } catch (IOException e) {
+        return false;
+      }
+      PGPSignatureList pgpSignatureList = (PGPSignatureList) nextObject;
       assert pgpSignatureList.size() == 1;
       PGPSignature pgpSignature = pgpSignatureList.get(0);