[Rpm-maint] Check signature rpm segmentation fault

Panu Matilainen pmatilai at laiskiainen.org
Mon May 23 09:21:29 UTC 2011


On 05/23/2011 11:49 AM, Shakthi Kannan wrote:
> Hi,
>
> I am trying to check if the signature of a RPM package is valid
> (equivalent of rpm --checksig) or not using C. When I run the
> following function through a loop (more than 6 times with rpm 4.8.0,
> and 13 times with rpm 4.8.1) it causes segmentation fault.
>
> === BEGIN ===
>
> #include<rpmlib.h>
> #include<rpmts.h>
>
> int
> rpm_check_signature (char *filename)
> {
>    FD_t fd;
>    rpmts ts;
>    rpmVSFlags vsflags = 0;
>    Header hdr;
>    rpmRC rc;
>
>    rpmReadConfigFiles(NULL, NULL);
>
>    fd = Fopen (filename, "r.ufdio");
>
>    if (fd == NULL) {
>      printf ("Error cannot open file\n");
>      return 1;
>    }
>    else {
>      ts = rpmtsCreate();
>      (void) rpmtsSetVSFlags (ts, vsflags);
>
>      rc = rpmReadPackageFile (ts, fd, filename,&hdr);
>
>      ts = rpmtsFree (ts);
>      Fclose (fd);
>
>      return (rc == RPMRC_OK ? 0 : 1);
>    }
> }
>
> === END ===
>
> I compile it using gcc rpmsig.c -lrpm -lrpmio -I/usr/include/rpm. What
> could be missing in the above? Appreciate any inputs in this regard,

You're re-re-re-re-initializing the rpmlib in a loop, which apparently 
causes the embedded Lua to blow up eventually. Need to look closer what 
can be done about it (of course optimally it shouldn't crash even when 
"abused") but bottom line is: you don't want to do that:

In normal circumstances rpmReadConfigFiles() should only be called once 
in a process lifetime. Also you don't want to create and destroy 
transaction sets in a loop either, you're causing repeated rpmdb opens + 
closes by doing so, only slowing things down. Init the library once, 
create a transaction set and use that to read as many packages as you 
like, and only then free the ts.

	- Panu -


More information about the Rpm-maint mailing list