[Rpm-maint] [rpm-software-management/rpm] Fix missing signature check (PR #3149)

MarcinDigitic notifications at github.com
Thu Jun 6 05:31:33 UTC 2024


During Coverity static analysis, an error was reported in function haveSignature (file sign/rpmgensig.c). The issue is that function pgpPrtParams may return with an error, and in this situation variables sig1 or sig2 may not be set. But in the current implementation, there is no check for such an issue.
Notice that all other calls to the pgpPrtParams function in the rpm repository already have such a check.

The exact error message is as follows:
363    while (rpmtdNext(&oldtd) >= 0 && rc == 0) {
364        pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2);
4. Condition pgpDigParamsCmp(sig1, sig2) == 0, taking false branch.
CID 5898818: (#1 of 1): Use after free (USE_AFTER_FREE)
9. pass_freed_arg: Passing freed pointer sig2 as an argument to
pgpDigParamsCmp.
365        if (pgpDigParamsCmp(sig1, sig2) == 0)
366            rc = 1;
5. freed_arg: pgpDigParamsFree frees sig2.
367        pgpDigParamsFree(sig2);
6. Jumping back to the beginning of the loop.
368    }

This commit adds a proper check.
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3149

-- Commit Summary --

  * Fix missing signature check

-- File Changes --

    M sign/rpmgensig.c (18)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3149.patch
https://github.com/rpm-software-management/rpm/pull/3149.diff
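
The pattern Coverity flags above, shown in its checked form as an added example (not code from rpm or from this pull request). The names parse_sig and have_signature, the 9-byte packet format and the sample data are hypothetical stand-ins; the point is that the parser leaves its out-parameter untouched on error, so the caller must test the return value and start each pass with a NULL pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for pgpDigParams / pgpPrtParams; not rpm's code. */
struct sig { unsigned char keyid[8]; };

/* Constructed packet format: tag byte 0x02, then an 8-byte key id.
 * On error returns -1 and leaves *out untouched (the caller keeps its old value). */
static int parse_sig(const unsigned char *pkt, size_t len, struct sig **out)
{
    struct sig *s;
    if (len != 9 || pkt[0] != 0x02 || (s = malloc(sizeof(*s))) == NULL)
        return -1;
    memcpy(s->keyid, pkt + 1, 8);
    *out = s;
    return 0;
}

/* Returns 1 if newpkt matches one of the n old packets, 0 if none, -1 if newpkt does not parse. */
int have_signature(const unsigned char *newpkt, const unsigned char (*old)[9], size_t n)
{
    struct sig *sig1 = NULL;
    int rc = 0;
    if (parse_sig(newpkt, 9, &sig1) != 0)
        return -1;                    /* sig1 was never set: nothing to compare */
    for (size_t i = 0; i < n && rc == 0; i++) {
        struct sig *sig2 = NULL;      /* reset each pass: no pointer freed earlier survives */
        if (parse_sig(old[i], 9, &sig2) != 0)
            continue;                 /* assumption: skip entries that fail to parse */
        if (memcmp(sig1->keyid, sig2->keyid, 8) == 0)
            rc = 1;
        free(sig2);
    }
    free(sig1);
    return rc;
}

/* Constructed sample data: a non-matching entry, a malformed one, then a match. */
static const unsigned char NEWPKT[9] = {0x02, 1, 2, 3, 4, 5, 6, 7, 8};
static const unsigned char OLD[3][9] = {
    {0x02, 9, 9, 9, 9, 9, 9, 9, 9},
    {0xff, 0, 0, 0, 0, 0, 0, 0, 0},
    {0x02, 1, 2, 3, 4, 5, 6, 7, 8},
};
int main(void)
{
    printf("%d %d\n", have_signature(NEWPKT, OLD, 2), have_signature(NEWPKT, OLD, 3));
    return 0;
}
```

Without the return-value check, and with sig2 declared outside the loop, the malformed second entry would leave sig2 pointing at the entry freed in the previous pass, which is the path in the Coverity trace.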
