[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature fubar, take III (#1833, RhBug:2018937) (PR #1914)
Demi Marie Obenour
notifications at github.com
Mon Feb 7 17:21:11 UTC 2022
@DemiMarie requested changes on this pull request.
> You can't do the special casing of empty strings as it breaks the length calculation. The offsets need to be monotonic.
Ouch. Good catch @mlschroe. I believe the previous entry would appear to have a length of nearly 4GiB, in which case reading it would almost certainly segfault. Thankfully, it is easy to check for empty entries and return NULL.
> + if (off != 0) {
+ signature = fi->signatures + off;
+ slen = fi->signatureoffs[ix+1] - off;
+ }
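Review bot: `slen = fi->signatureoffs[ix+1] - off;` is guarded only by `off != 0`, so the subtraction is trusted for every non-empty entry, including one whose next slot holds the 0 that the packing code stores for an empty string. In that case the difference wraps instead of yielding a length. Guarding on `fi->signatureoffs[ix+1] > off` covers both the empty entry and a non-monotonic table. It is also worth confirming that `signatureoffs` always has a slot at `ix+1` for the last file.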
```suggestion
if (fi->signatureoffs[ix+1] > off) {
signature = fi->signatures + off;
slen = fi->signatureoffs[ix+1] - off;
}
```
> {
struct rpmtd_s td;
uint8_t *bin = NULL;
+ uint32_t *offs = NULL;
+ int nzeros = 16;
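Review bot: `int nzeros = 16;` is a bare constant with no comment saying what the zero bytes are for or why there are 16 of them. If the padding stays, give it a named macro and document the reason. If offset 0 stops being used as a sentinel, the variable can be dropped.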
```suggestion
```
> + memset(t, 0, nzeros);
+ t += nzeros;
```suggestion
```
> + if (len == 0) {
+ offs[i] = 0;
+ } else {
+ offs[i] = t - bin;
+ for (int j = 0; j < len; j++, t++, s += 2)
+ *t = (rnibble(s[0]) << 4) | rnibble(s[1]);
+ }
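Review bot: the `len == 0` branch stores `offs[i] = 0`, which makes the offset table non-monotonic, so a length taken as the difference of adjacent offsets is wrong for the entry that precedes an empty one. Recording `offs[i] = t - bin` unconditionally keeps the table ordered, and an empty entry then shows up as two equal offsets.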
```suggestion
offs[i] = t - bin;
for (int j = 0; j < len; j++, t++, s += 2)
*t = (rnibble(s[0]) << 4) | rnibble(s[1]);
}
```
> - int maxl = 0;
- int *lens = NULL;
-
- /* Figure string sizes + max length for allocation purposes */
- if (lengths) {
- int i = 0;
- lens = xmalloc(num * sizeof(*lens));
-
- while ((s = rpmtdNextString(&td))) {
- lens[i] = strlen(s) / 2;
- if (lens[i] > maxl)
- maxl = lens[i];
- i++;
- }
+ int i = 0;
+ uint8_t *t = bin = xmalloc(((rpmtdSize(&td) / 2) + 1) + nzeros);
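Review bot: the allocation `xmalloc(((rpmtdSize(&td) / 2) + 1) + nzeros)` replaces the explicit per-string length pass, but nothing in the hunk states why `rpmtdSize(&td) / 2` bounds the total number of decoded bytes. A short comment stating that assumption, or a check after the decode loop that `t - bin` stays within the allocated size, would make the bound verifiable.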
```suggestion
uint8_t *t = bin = xmalloc((rpmtdSize(&td) / 2) + 1);
```
Message ID: <rpm-software-management/rpm/pull/1914/review/875003671 at github.com>
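The offset-table invariant discussed in this review, as an added C example that is not rpm's code and not part of the original message: offsets are recorded monotonically with one extra end slot, and an empty entry is detected as two equal offsets. The names `hexval`, `pack_hex`, `sig_entry` and `naive_len` are hypothetical; `naive_len` shows the unchecked subtraction that wraps when 0 is stored as an "empty" marker.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: value of one hex digit, or -1 if it is not one. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Pack num hex strings into one buffer; offs gets num+1 monotonic entries.
 * An empty string repeats the current offset instead of storing 0. */
static uint8_t *pack_hex(const char **strs, int num, uint32_t **offsp)
{
    size_t total = 0;
    for (int i = 0; i < num; i++)
        total += strlen(strs[i]) / 2;
    uint8_t *bin = malloc(total + 1), *t = bin;
    uint32_t *offs = malloc((num + 1) * sizeof(*offs));
    for (int i = 0; bin && offs && i < num; i++) {
        const char *s = strs[i];
        offs[i] = (uint32_t)(t - bin);
        for (size_t j = strlen(s) / 2; j > 0; j--, s += 2) {
            int hi = hexval(s[0]), lo = hexval(s[1]);
            if (hi < 0 || lo < 0) { free(bin); bin = NULL; break; }
            *t++ = (uint8_t)((hi << 4) | lo);
        }
    }
    if (!bin || !offs) { free(bin); free(offs); return NULL; }
    offs[num] = (uint32_t)(t - bin);   /* end marker for the last entry */
    *offsp = offs;
    return bin;
}

/* Checked lookup: NULL and *len == 0 for empty or out-of-range entries. */
static const uint8_t *sig_entry(const uint8_t *bin, const uint32_t *offs,
                                int num, int ix, uint32_t *len)
{
    *len = 0;
    if (ix < 0 || ix >= num || offs[ix + 1] <= offs[ix])
        return NULL;
    *len = offs[ix + 1] - offs[ix];
    return bin + offs[ix];
}

/* Unchecked difference: wraps to nearly 4 GiB if the next offset is 0. */
static uint32_t naive_len(const uint32_t *offs, int ix) { return offs[ix + 1] - offs[ix]; }
```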