===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/zsig.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- src/usr.bin/signify/zsig.c	2019/12/22 06:37:25	1.18
+++ src/usr.bin/signify/zsig.c	2023/04/29 10:08:18	1.19
@@ -1,4 +1,4 @@
-/* $OpenBSD: zsig.c,v 1.18 2019/12/22 06:37:25 espie Exp $ */
+/* $OpenBSD: zsig.c,v 1.19 2023/04/29 10:08:18 espie Exp $ */
 /*
  * Copyright (c) 2016 Marc Espie <espie@openbsd.org>
  *
@@ -160,6 +160,8 @@
 			if (more == 0)
 				break;
 		}
+		if (n == 0)
+			break;
 		SHA512_256Data(buffer, n, output);
 		if (endsha - sha < SHA512_256_DIGEST_STRING_LENGTH-1)
 			errx(4, "signature truncated");
@@ -172,6 +174,8 @@
 		if (n != bufsize)
 			break;
 	}
+	if (endsha != sha)
+		errx(4, "file truncated");
 	free(buffer);
 }