[Rpm-maint] [rpm-software-management/rpm] Fix missing signature check (PR #3149)

Panu Matilainen notifications at github.com
Wed Jun 19 08:35:54 UTC 2024


This is a false positive. pgpDigParamsCmp() returns an error if either argument is NULL, and the code simply relies on that. It could be more obvious to test for the rc from pgpPrtParams() but not like this: it introduces a potential memory leak by returning without freeing the headerGet data. Also, there's no use-after-free because sig1 and sig2 are always either valid or explicitly set to NULL to begin with.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3149#issuecomment-2178091766

Message ID: <rpm-software-management/rpm/pull/3149/c2178091766 at github.com>
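
Added example, not part of the message above and not rpm code: a small C model of the two points in the reply, a comparison that treats a NULL argument as a mismatch so a failed parse needs no separate check, and an early return on parse failure that skips the cleanup and leaks the fetched data. All names (`fetch`, `parse`, `cmp`, `same_params`, `outstanding`) are hypothetical stand-ins, and the allocation counter exists only to make the leak observable.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; none of this is rpm's API. */
struct params { char keyid[9]; };
static int live;                       /* outstanding allocations */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live++; return p; }
static void xfree(void *p) { if (p) { live--; free(p); } }
int outstanding(void) { return live; }

/* Stand-in for fetching header data: the caller owns the copy. */
static char *fetch(const char *src)
{
    char *d = src ? xalloc(strlen(src) + 1) : NULL;
    if (d) strcpy(d, src);
    return d;
}

/* Parser: on failure returns nonzero and leaves *out NULL. */
static int parse(const char *blob, struct params **out)
{
    *out = NULL;
    if (!blob || strlen(blob) != 8 || !(*out = xalloc(sizeof(**out))))
        return -1;
    memcpy((*out)->keyid, blob, 8);    /* calloc left the terminator in place */
    return 0;
}

/* Comparison: a NULL argument is an error (nonzero), never a match. */
static int cmp(const struct params *a, const struct params *b)
{
    return (!a || !b) ? 1 : strcmp(a->keyid, b->keyid) != 0;
}

/* Returns 1 when both blobs parse and match. early_return=1 models the
 * rejected pattern: bail out on parse failure before the cleanup. */
int same_params(const char *b1, const char *b2, int early_return)
{
    struct params *s1 = NULL, *s2 = NULL;  /* valid or NULL, never dangling */
    char *d1 = fetch(b1), *d2 = fetch(b2);
    int prc = parse(d1, &s1) | parse(d2, &s2);

    if (early_return && prc)
        return 0;                          /* leaks d1, d2 and any parsed side */
    int match = (cmp(s1, s2) == 0);        /* failed parse => NULL => mismatch */
    xfree(s1); xfree(s2); xfree(d1); xfree(d2);   /* single exit frees all */
    return match;
}
```

Both variants reject the malformed input; only the single-exit variant leaves no allocations behind.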