[Rpm-maint] [rpm-software-management/rpm] Fix some type confusion bugs in the internal OpenPGP implementation (PR #2242)
Demi Marie Obenour
notifications at github.com
Sun Oct 23 04:42:28 UTC 2022
These can cause segfaults; see the included test cases for details. I know the internal parser is deprecated, but hopefully a segfault-triggering bug is still worth fixing.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/2242
-- Commit Summary --
* Avoid type confusion when verifying signatures
* Check packet types of signatures and public keys
* Reject multiple PGPTAG_PUBLIC_KEY packets
-- File Changes --
M rpmio/rpmpgp_internal.c (33)
A tests/data/keys/type-confusion.asc (29)
M tests/rpmsigdig.at (12)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/2242.patch
https://github.com/rpm-software-management/rpm/pull/2242.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2242
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/2242 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20221022/6d0c78c9/attachment.html>
More information about the Rpm-maint
mailing list