[Rpm-maint] [rpm-software-management/rpm] Typecheck header tags match our definitions prior to import (#242, #414) (dfd236d)

Jeff Johnson notifications at github.com
Tue Mar 20 10:59:35 UTC 2018


Tagno's are sorted: make sure every tagno is larger than its predecessor, smaller than its successor, as well as within defined range(s) to harden tagno values sufficiently to risk overriding the type field.

The signature header, and accesses of the metadata header before the digest is verified are the only cases that are "risky". The signature tagno's are a speshully well known enumerated set, mandatory digest verification of the metadata header, and the fuzz busters will be history.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/commit/dfd236d8b41a60f6bfad75db55f07b9617d191ad#commitcomment-28174266
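
The ordering and range check described in the comment above, as an added example that is not part of the original message or rpm's own code. It assumes the 16-byte big-endian index entry layout (tag, type, offset, count); the permitted ranges, sample indexes and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENTRY_SIZE 16   /* tag, type, offset, count: four big-endian 32-bit words */
/* Constructed entry: tag t (< 65536), type 6, offset 0, count 1. */
#define ENTRY(t) 0, 0, ((t) >> 8) & 0xff, (t) & 0xff, 0,0,0,6, 0,0,0,0, 0,0,0,1

struct tag_range { uint32_t lo, hi; };          /* inclusive bounds */

/* Hypothetical permitted ranges, not rpm's own definitions. */
static const struct tag_range sample_ranges[] = { {60, 100}, {1000, 1999} };
/* Constructed sample indexes. */
static const unsigned char sorted_idx[]   = { ENTRY(63), ENTRY(1000), ENTRY(1001) };
static const unsigned char unsorted_idx[] = { ENTRY(1000), ENTRY(1004), ENTRY(1001) };
static const unsigned char dup_idx[]      = { ENTRY(1000), ENTRY(1000) };
static const unsigned char range_idx[]    = { ENTRY(1000), ENTRY(5000) };

/* Read a big-endian 32-bit value without assuming alignment. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Return -1 if every tag lies in a permitted range and is strictly larger
 * than its predecessor; otherwise the position of the first bad entry. */
long check_tag_order(const unsigned char *idx, size_t n,
                     const struct tag_range *r, size_t nr)
{
    uint32_t prev = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t tag = be32(idx + i * ENTRY_SIZE);
        size_t k = 0;
        while (k < nr && (tag < r[k].lo || tag > r[k].hi))
            k++;
        if (k == nr || (i > 0 && tag <= prev))
            return (long)i;             /* out of range, duplicate, or unsorted */
        prev = tag;
    }
    return -1;
}

int main(void)
{
    printf("sorted:   %ld\n", check_tag_order(sorted_idx, 3, sample_ranges, 2));
    printf("unsorted: %ld\n", check_tag_order(unsorted_idx, 3, sample_ranges, 2));
    printf("dup:      %ld\n", check_tag_order(dup_idx, 2, sample_ranges, 2));
    printf("range:    %ld\n", check_tag_order(range_idx, 2, sample_ranges, 2));
    return 0;
}
```

Because the comparison is strict, a repeated tag is rejected the same way as an out-of-order one.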