[Rpm-maint] [rpm-software-management/rpm] Fixes to PGP packet length decoding detection and calculation (#1701)

Panu Matilainen notifications at github.com
Tue Jun 15 09:22:11 UTC 2021


Couple of very clear bugs in the decoding detection + additional bounds checks, based on patches from @DemiMarie spread across different PRs.

It's plain impossible to review multiple partially overlapping 10+ commit PRs of assorted changes in the GH interface, and we need to get this stuff moving forward one way or the other.
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1701

-- Commit Summary --

  * Minor const correctness fix
  * Fix bugs in new format PGP packet length decoding detection
  * Reject invalid 5-octet new format PGP packet lengths
  * Validate the buffer size when calculating PGP packet size

-- File Changes --

    M rpmio/rpmpgp.c (13)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1701.patch
https://github.com/rpm-software-management/rpm/pull/1701.diff
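
The commit summary above concerns new format PGP packet length decoding and buffer bounds checks. As an added illustration (not rpm's code and not the patches in this pull request), here is a bounds-checked decoder for the new format body lengths of RFC 4880 section 4.2.2. The function name pgp_new_len and its return convention are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/*
 * Hypothetical helper (name and return convention are assumptions of this
 * example). Decodes an RFC 4880 section 4.2.2 new format body length from
 * s[0..slen). On success stores the body length in *lenp and returns the
 * number of length octets consumed (1, 2 or 5). Returns 0 if the length
 * field is truncated, is a partial body length (not handled here), or the
 * declared body does not fit in the bytes that remain after the length.
 */
size_t pgp_new_len(const uint8_t *s, size_t slen, size_t *lenp)
{
    size_t lenlen;
    uint32_t body;

    if (s == NULL || lenp == NULL || slen < 1)
        return 0;

    if (s[0] < 192) {                /* one octet: 0..191 */
        lenlen = 1;
        body = s[0];
    } else if (s[0] < 224) {         /* two octets: 192..8383 */
        lenlen = 2;
        if (slen < lenlen)
            return 0;
        body = ((uint32_t)(s[0] - 192) << 8) + s[1] + 192;
    } else if (s[0] == 255) {        /* 0xFF, then four octets big-endian */
        lenlen = 5;
        if (slen < lenlen)
            return 0;
        body = ((uint32_t)s[1] << 24) | ((uint32_t)s[2] << 16) |
               ((uint32_t)s[3] << 8) | (uint32_t)s[4];
    } else {                         /* 224..254: partial body length */
        return 0;
    }

    /* Compare against what is left instead of computing lenlen + body,
     * so a huge declared length cannot wrap the sum around. */
    if (body > slen - lenlen)
        return 0;

    *lenp = body;
    return lenlen;
}
```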
