[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature lengths assumed constant (again) (PR #1900)
Panu Matilainen
notifications at github.com
Mon Feb 7 08:30:18 UTC 2022
Demi, cool it okay? I'm aware of the issue and pinging me multiple times over different channels and submitting multiple PR's is not helpful.
Yesterday evening (the subconscious is never entirely off-duty, sigh) I realized the thing that's been nagging me about this whole thing. There's something fundamentally wrong if we end up allocating too much memory for something that'll output exactly half the memory of the initial data size by definition, and that initial data size has already been sanitized in the low-level header processing.
The case for rmallocarray() in rpm remains upstream, but as this will indeed need backporting to 4.16.x and 4.17.x and this doesn't *need* a new API to fix.
We can get the total string array size from rpmtdSize(), the memory needed for the decoded data will be half that.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1900#issuecomment-1031197168
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/1900/c1031197168 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220207/860bfb6c/attachment.html>
More information about the Rpm-maint
mailing list