[Rpm-maint] [rpm-software-management/rpm] RFE: Pre-validate (all) header data for semantic consistency (#242)
Panu Matilainen
notifications at github.com
Wed Jun 28 09:47:40 UTC 2017
The common theme in tickets #135, #136, #137, #138 and #139 is that the datatype of a valid tag is changed to something incompatible, such as an integer tag is changed to string, which then causes crash-and-burn in various places, many of which are not able to return an error even if they bothered to check for the types etc.
Mandatory signature checking makes this less of an issue, or rather shift the issue to key management. But optimally rpm should not crash on invalid data, even with --nosignature/--nodigest. The signature header data is fairly thoroughly validated before use, we should have something similar for the main header. Piles of more data to deal with, and many conditionals like if tag X is there then otherwise optional Y must be present too etc, but validating our used tags are type sane etc could be considered a starting point at least.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/242
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170628/2b4f906a/attachment.html>
More information about the Rpm-maint
mailing list