[Rpm-maint] [rpm-software-management/rpm] Harden against crafted inputs (#1471)
Demi Marie Obenour
notifications at github.com
Wed Dec 30 03:52:10 UTC 2020
@DemiMarie commented on this pull request.
> @@ -169,8 +169,8 @@ rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd,
goto exit;
}
- /* Read the signature header. Might not be in a contiguous region. */
- if (hdrblobRead(fd, 1, 0, RPMTAG_HEADERSIGNATURES, sigblob, &msg))
+ /* Read the signature header. Must be in a contiguous region. */
+ if (hdrblobRead(fd, 1, 1, RPMTAG_HEADERSIGNATURES, sigblob, &msg))
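Review bot: The third argument of the changed hdrblobRead call is a bare literal that flips from 0 to 1, and the only explanation is the comment's one-word change from "Might not be" to "Must be in a contiguous region". Suggest extending that comment to say why contiguity is now required at this point and what a caller sees when a signature header does not meet it, since input that passed this `if` with 0 may now take the failure path. That behaviour change for existing packages also deserves a line in the commit message.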
Personally, I would prefer to revert https://github.com/rpm-software-management/rpm/commit/34c2ba3c6a80a778cdf2e42a9193b3264e08e1b3. The reason is attack surface: we run quite a bit of code for non-contiguous headers that we don’t run for contiguous headers. Since this code is run before signature verification, this is significant. I would rather not increase our attack surface to work around broken third-party signers.
https://github.com/rpm-software-management/rpm/pull/1471#discussion_r549926309