[Rpm-maint] [rpm-software-management/rpm] Add OpenSSL crypto backend (#129)

Tomáš Mráz notifications at github.com
Tue Feb 7 10:04:07 UTC 2017


t8m commented on this pull request.



> +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (!sig) return 0;
+
+    if (r) {
+        sig->r = r;
+    }
+
+    if (s) {
+        sig->s = s;
+    }
+
+    return 1;
+}
+#endif /* HAVE_DSA_SIG_SET0 */
+
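Review bot: In the `if (r)` and `if (s)` branches, `sig->r = r;` and `sig->s = s;` overwrite whatever BIGNUM the signature already holds without freeing it, so a second call on the same `DSA_SIG` leaks the earlier value. Because a set0-style function takes ownership of its arguments, release the old pointer before each assignment, for example `BN_clear_free(sig->r);` ahead of `sig->r = r;` and the same for `s`; `BN_clear_free` accepts NULL, so a freshly allocated signature is unaffected. Separately, the function returns 1 even when both `r` and `s` are NULL and nothing was stored, so callers cannot tell a no-op from a successful set; returning 0 in that case would make misuse visible.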

No, I mean when you assign the sig->r values you overwrite the previous values that could be there, which means the previous value will be leaked. If rpm guarantees that pgpSet(Key|Sig)Mpi* functions won't be called on the same key/sig twice with the same index, it is not strictly necessary to handle this, because you will have the previous value always set to NULL. But I do not know whether rpm really guarantees that when reading some malformed signature/key data.
