[Rpm-maint] [rpm-software-management/rpm] heap out of bounds read in copyTdEntry() (#133)
Panu Matilainen
notifications at github.com
Thu Jan 26 14:09:27 UTC 2017
Right, this is (yet another) case where rpm unnecessarily shoots itself in the foot: it does a relatively complex thing of reconstructing the original header from the one we just read and imported in order to check the digest and signature, when it could just check the raw data before looking inside the header at all.
Removing the rain dance with retrieving the immutable header region is a work in progress and have some preliminary patches for that, it'll make a whole class of these issues go away. In the meanwhile we'll need to patch up the existing versions with something less drastic though.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/133#issuecomment-275396445
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170126/9763fd06/attachment.html>
More information about the Rpm-maint
mailing list