ARC: harden parsing of signing spec. Bug 2639

diff --git a/src/src/arc.c b/src/src/arc.c
index 0617312801f342f4500f21c6096942d27bbf54f9..c1407af60258d8cf971f0f187c355786230e3599 100644 (file)
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -1607,10 +1607,10 @@ expire = now = 0;
 
 /* Parse the signing specification */
 
-identity = string_nextinlist(&signspec, &sep, NULL, 0);
-selector = string_nextinlist(&signspec, &sep, NULL, 0);
-if (  !*identity || !*selector
-   || !(privkey = string_nextinlist(&signspec, &sep, NULL, 0)) || !*privkey)
+if (  !(identity = string_nextinlist(&signspec, &sep, NULL, 0)) || !*identity
+   || !(selector = string_nextinlist(&signspec, &sep, NULL, 0)) || !*selector
+   || !(privkey = string_nextinlist(&signspec, &sep, NULL, 0))  || !*privkey
+   )
   {
   s = !*identity ? US"identity" : !*selector ? US"selector" : US"private-key";
   goto bad_arg_ret;