[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature lengths assumed constant (#1833, RhBug:2018937) (PR #1844)
Demi Marie Obenour
notifications at github.com
Mon Dec 6 13:48:11 UTC 2021
@DemiMarie commented on this pull request.
There are a few areas where I would like to see a proof of no integer overflow.
> const char *s;
+ /* Figure string sizes + max length for allocation purposes */
+ if (lengths) {
+ int maxl = 0;
+ int *lens = xmalloc(num * sizeof(*lens));
```suggestion
int *lens = xcalloc(num, sizeof(*lens));
```
This is safer in the event of an overflow.
> const char *s;
+ /* Figure string sizes + max length for allocation purposes */
+ if (lengths) {
+ int maxl = 0;
+ int *lens = xmalloc(num * sizeof(*lens));
+ int i = 0;
+
+ while ((s = rpmtdNextString(&td))) {
+ lens[i] = strlen(s) / 2;
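Review bot: In the `while ((s = rpmtdNextString(&td)))` loop, the store to `lens[i]` is bounded only by how many strings the tag data yields, while the buffer was sized from `num`; nothing in the visible lines ties the two together. Stopping the loop (or failing) once `i` reaches `num` would keep a mismatched count from writing past the allocation. `strlen(s) / 2` is also a `size_t` narrowed into an `int` element, so a range check before the assignment, or `size_t` for `lens` and `maxl`, would make the later max-length arithmetic easier to reason about.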
What if `strlen(s)` is odd? That should be an error.
> @@ -579,9 +580,9 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len)
if (fi != NULL && ix >= 0 && ix < rpmfilesFC(fi)) {
if (fi->signatures != NULL)
- signature = fi->signatures + (fi->signaturelength * ix);
+ signature = fi->signatures + (fi->signaturemaxlen * ix);
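Review bot: In the changed line `signature = fi->signatures + (fi->signaturemaxlen * ix);` the product is evaluated in the operands' own type before it is added to the pointer. `ix` is an `int` and the declaration of `signaturemaxlen` is not part of this hunk; if it is also `int`, a large file index times a large maximum length can exceed `INT_MAX` even though `ix` passed the `rpmfilesFC(fi)` range check. Casting one operand, as in `(size_t)fi->signaturemaxlen * ix`, and checking the count-times-maxlen product at the point where the array is allocated would settle it.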
Is there a proof that this cannot overflow?
--
https://github.com/rpm-software-management/rpm/pull/1844#pullrequestreview-823965693