[Rpm-maint] [rpm-software-management/rpm] Add OpenSSL crypto backend (#129)
Tomáš Mráz
notifications at github.com
Tue Feb 7 10:04:07 UTC 2017
t8m commented on this pull request.
> +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (!sig) return 0;
+
+ if (r) {
+ sig->r = r;
+ }
+
+ if (s) {
+ sig->s = s;
+ }
+
+ return 1;
+}
+#endif /* HAVE_DSA_SIG_SET0 */
+
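Review bot: the assignments `sig->r = r;` and `sig->s = s;` replace whatever pointer the signature already holds without freeing it, so a second call on the same DSA_SIG leaks the earlier BIGNUM. Free the old value before storing the new one (for example BN_clear_free(sig->r) ahead of the assignment), or state in a comment that callers may set each field only once. The function also returns 1 when both r and s are NULL and nothing was stored; returning 0 in that case would keep a caller from treating an empty signature as populated.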
No, I mean when you assign the sig->r values you overwrite the previous values that could be there which means the previous value will be leaked. If rpm guarantees that pgpSet(Key|Sig)Mpi* functions won't be called on the same key/sig twice with the same index it is not strictly necessary to handle this, because you will have the previous value always set to NULL. But I do not know whether rpm really guarantees that when reading some malformed signature/key data.