[Rpm-maint] [rpm-software-management/rpm] Fix missing signature check (PR #3149)
MarcinDigitic
notifications at github.com
Thu Jun 6 05:31:33 UTC 2024
During coverity static analyses, there has been reported an error in function haveSignature (file sign/rpmgensig.c). The issue is that function pgpPrtParams may return with an error. And in this situation variables sig1 or sig2 may not be set. But, in the current implementation, there is no check for such issue.
Notice that all other calls to pgpPrtParams function in rpm repository do have such check already.
The exact error message is as follows:
363 while (rpmtdNext(&oldtd) >= 0 && rc == 0) {
364 pgpPrtParams(oldtd.data, oldtd.count, PGPTAG_SIGNATURE, &sig2);
4. Condition pgpDigParamsCmp(sig1, sig2) == 0, taking false branch.
CID 5898818: (#1 of 1): Use after free (USE_AFTER_FREE)
9. pass_freed_arg: Passing freed pointer sig2 as an argument to
pgpDigParamsCmp.
365 if (pgpDigParamsCmp(sig1, sig2) == 0)
366 rc = 1;
5. freed_arg: pgpDigParamsFree frees sig2.["show details"]
367 pgpDigParamsFree(sig2);
6. Jumping back to the beginning of the loop.
368 }
This commit is to add a proper check.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/3149
-- Commit Summary --
* Fix missing signature check
-- File Changes --
M sign/rpmgensig.c (18)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/3149.patch
https://github.com/rpm-software-management/rpm/pull/3149.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3149
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3149 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240605/40852b49/attachment-0001.html>
More information about the Rpm-maint
mailing list