[Rpm-maint] [rpm-software-management/rpm] Fix IMA signature fubar, take III (#1833, RhBug:2018937) (PR #1914)

Demi Marie Obenour notifications at github.com
Mon Feb 7 17:21:11 UTC 2022


@DemiMarie requested changes on this pull request.

> You can't do the special casing of empty strings as it breaks the length calculation. The offsets need to be monotonic.

Ouch.  Good catch @mlschroe.  I believe the previous entry would appear to have a length of nearly 4GiB, in which case reading it would almost certainly segfault.  Thankfully, it is easy to check for empty entries and return NULL.

> +	    if (off != 0) {
+		signature = fi->signatures + off;
+		slen = fi->signatureoffs[ix+1] - off;
+	    }
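
Review bot: `slen = fi->signatureoffs[ix+1] - off` is computed without checking that the next offset is at or above `off`. The hex-decoding hunk later in this patch stores `offs[i] = 0` for an empty string, so when entry `ix+1` is empty the difference is negative, or wraps if the table is unsigned like the `uint32_t *offs` declared in this patch. Compare the next offset against `off` before subtracting and skip the assignment when it is not larger, rather than testing `off != 0`.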

```suggestion
	    if (fi->signatureoffs[ix+1] > off) {
		signature = fi->signatures + off;
		slen = fi->signatureoffs[ix+1] - off;
	    }
```

>  {
     struct rpmtd_s td;
     uint8_t *bin = NULL;
+    uint32_t *offs = NULL;
+    int nzeros = 16;
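
Review bot: `int nzeros = 16` is an unexplained constant. If the padding stays, give it a comment saying why 16 bytes are needed and make it a named constant rather than a mutable local.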

```suggestion
```

> +	memset(t, 0, nzeros);
+	t += nzeros;

```suggestion
```

> +	    if (len == 0) {
+		offs[i] = 0;
+	    } else {
+		offs[i] = t - bin;
+		for (int j = 0; j < len; j++, t++, s += 2)
+		    *t = (rnibble(s[0]) << 4) | rnibble(s[1]);
+	    }
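
Review bot: the `len == 0` branch writes `offs[i] = 0`, which breaks the ordering of the offset table whenever an empty string follows a non-empty one, so a reader that takes the difference of two neighbouring offsets as a length gets a wrong value for the preceding entry. Storing `t - bin` for every entry keeps the table ordered and represents an empty entry as two equal offsets. Separately, `rnibble(s[0])` and `rnibble(s[1])` are combined with no visible check on their results; if `rnibble` can signal a non-hex character, test for it here.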

```suggestion
	    offs[i] = t - bin;
	    for (int j = 0; j < len; j++, t++, s += 2)
		*t = (rnibble(s[0]) << 4) | rnibble(s[1]);
```

> -	int maxl = 0;
-	int *lens = NULL;
-
-	/* Figure string sizes + max length for allocation purposes */
-	if (lengths) {
-	    int i = 0;
-	    lens = xmalloc(num * sizeof(*lens));
-
-	    while ((s = rpmtdNextString(&td))) {
-		lens[i] = strlen(s) / 2;
-		if (lens[i] > maxl)
-		    maxl = lens[i];
-		i++;
-	    }
+	int i = 0;
+	uint8_t *t = bin = xmalloc(((rpmtdSize(&td) / 2) + 1) + nzeros);
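
Review bot: the `xmalloc` size on the last added line, `((rpmtdSize(&td) / 2) + 1) + nzeros`, carries no comment explaining why it bounds what the decode loop writes. A one-line comment stating what `rpmtdSize(&td)` measures here and what the `+ 1` is for would let a reader confirm the buffer cannot be overrun.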

```suggestion
	uint8_t *t = bin = xmalloc((rpmtdSize(&td) / 2) + 1);
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1914#pullrequestreview-875003671
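
The offset-table problem discussed in this review, as an added example that is not part of the original message or of rpm's code: it builds the table both ways and shows that special-casing an empty entry as offset 0 makes the previous entry's length wrap to nearly 4GiB, while monotonic offsets plus a "next offset is larger" guard return NULL for the empty entry. `struct sigtab`, `sigtab_build`, `raw_len` and `sig_get` are hypothetical names, and the hex strings are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a signature blob and its offset table (not rpm's types). */
struct sigtab { uint8_t *data; uint32_t *offs; int n; };  /* offs has n + 1 slots */

/* Decode n hex strings back to back. zero_empty=1 stores offset 0 for an empty
 * string (the special case under review); 0 keeps the offsets monotonic.
 * Returns -1 if allocation or parsing fails; the caller frees data and offs. */
static int sigtab_build(struct sigtab *st, const char **hex, int n, int zero_empty) {
    size_t total = 0;
    for (int i = 0; i < n; i++) total += strlen(hex[i]) / 2;
    uint8_t *t = st->data = malloc(total + 1);
    st->offs = malloc(((size_t)n + 1) * sizeof(*st->offs));
    st->n = n;
    if (!st->data || !st->offs) return -1;
    for (int i = 0; i < n; i++) {
        size_t len = strlen(hex[i]) / 2;
        st->offs[i] = (zero_empty && len == 0) ? 0 : (uint32_t)(t - st->data);
        for (size_t j = 0; j < len; j++, t++)
            if (sscanf(hex[i] + 2 * j, "%2hhx", t) != 1) return -1;
    }
    st->offs[n] = (uint32_t)(t - st->data);  /* end sentinel */
    return 0;
}

/* Length by plain subtraction, with no guard. */
static uint32_t raw_len(const struct sigtab *st, int ix) {
    return st->offs[ix + 1] - st->offs[ix];
}

/* Guarded lookup: NULL and length 0 unless the next offset is strictly larger. */
static const uint8_t *sig_get(const struct sigtab *st, int ix, uint32_t *len) {
    *len = 0;
    if (ix < 0 || ix >= st->n || st->offs[ix + 1] <= st->offs[ix]) return NULL;
    *len = st->offs[ix + 1] - st->offs[ix];
    return st->data + st->offs[ix];
}

int main(void) {
    const char *hex[] = { "0102", "aabbcc", "", "ff" };  /* constructed sample */
    struct sigtab a, b;
    if (sigtab_build(&a, hex, 4, 1) || sigtab_build(&b, hex, 4, 0)) return 1;
    printf("special-cased: %u bytes, monotonic: %u bytes\n",
           (unsigned)raw_len(&a, 1), (unsigned)raw_len(&b, 1));
    free(a.data); free(a.offs); free(b.data); free(b.offs);
    return 0;
}
```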