[Rpm-maint] [PATCH 3/5] Check range of algo index parameter before accessing array with it

Fri Apr 22 13:01:17 UTC 2016

Check the range of the algo index parameter before using it for
accessing an array.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 lib/rpmsignfiles.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/rpmsignfiles.c b/lib/rpmsignfiles.c
index b7d9ccc..97a5be4 100644
--- a/lib/rpmsignfiles.c
+++ b/lib/rpmsignfiles.c
@@ -32,6 +32,8 @@ static const char *hash_algo_name[] = {
     [PGPHASHALGO_SHA224]       = "sha224",
 };
 
+#define ARRAY_SIZE(a)  (sizeof(a) / sizeof(a[0]))
+
 char *get_fskpass(void)
 {
     struct termios flags, tmp_flags;
@@ -130,6 +132,10 @@ rpmRC rpmSignFiles(Header h, const char *key, char *keypass)
 	rpmlog(RPMLOG_ERR, _("missing RPMTAG_FILEDIGESTALGO\n"));
 	return RPMRC_FAIL;
     }
+    if (algo < 0 || algo >= ARRAY_SIZE(hash_algo_name)) {
+	rpmlog(RPMLOG_ERR, _("File digest algorithm id is invalid"));
+	return RPMRC_FAIL;
+    }
 
     diglen = rpmDigestLength(algo);
     algoname = hash_algo_name[algo];
-- 
2.5.5

