[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature lengths assumed constant (#1833, RhBug:2018937) (PR #1844)
Panu Matilainen
notifications at github.com
Tue Dec 7 10:16:24 UTC 2021
@pmatilai commented on this pull request.
> @@ -579,9 +580,9 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len)
if (fi != NULL && ix >= 0 && ix < rpmfilesFC(fi)) {
if (fi->signatures != NULL)
- signature = fi->signatures + (fi->signaturelength * ix);
+ signature = fi->signatures + (fi->signaturemaxlen * ix);
It's not any worse because the assumption is the same as with the surrounding code. It's not IDEAL of course but we have this old codebase with million such assumptions and we can't fix it all to address one immediate issue. You don't look for non-optimal welds in the seams first if you have 10m breach in the hull.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1844#discussion_r763842620
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20211207/61972b91/attachment-0001.html>
More information about the Rpm-maint
mailing list