[Rpm-maint] [rpm-software-management/rpm] Fix off-by-one in hdrblobGet() making last entry unreachable (RhBug:1… (#803)

Panu Matilainen notifications at github.com
Wed Jul 31 09:15:04 UTC 2019


…722921)

hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763
and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko
(perhaps the idea was to skip the first, region tag) which causes
the last entry to be unreachable. In typical packages, that is
RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't
matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower
tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last,
unreachable and thus unverifiable. Oops.

This fixes the regression introduced in rpm 4.14, affecting verification
of large packages (ie having RPMSIG_LONGARCHIVESIZE)
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/803

-- Commit Summary --

  * Fix off-by-one in hdrblobGet() making last entry unreachable (RhBug:1722921)

-- File Changes --

    M lib/header.c (2)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/803.patch
https://github.com/rpm-software-management/rpm/pull/803.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/803
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20190731/042f2db2/attachment.html>


More information about the Rpm-maint mailing list