[Rpm-maint] [rpm-software-management/rpm] Fix handling of bad IMA and fsverity signatures (PR #1913)
Demi Marie Obenour
notifications at github.com
Mon Feb 7 00:12:55 UTC 2022
This is based on #1900, but it includes additional protections. #1900 just contains the security fix, whereas this PR also prevents RPM from crashing and/or leaking memory.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1913
-- Commit Summary --
* Add rmallocarray()
* Fix IMA signature lengths assumed constant (again)
* Impose a limit on hex2bin() memory allocs
* Avoid calling memcpy() on NULL
* Fix inverted logic in base2bin()
* Limit the amount of memory base2bin() will allocate
* Fix memory leak if base64 decoding fails
-- File Changes --
M lib/rpmfi.c (46)
M rpmio/rpmmalloc.c (13)
M rpmio/rpmutil.h (3)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/1913.patch
https://github.com/rpm-software-management/rpm/pull/1913.diff
Message ID: <rpm-software-management/rpm/pull/1913 at github.com>