folkslinux
/
rpm
mirror of https://github.com/rpm-software-management/rpm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Reject OpenPGP data at or over 64KiB 

Such data is probably an attempt to exploit RPM, not do anything useful.
This avoids a whole class of silly integer overflow problems.
Signatures in packages are already limited to less than 64MiB by the
maximum size of the signature header, and this is already a sufficient
limitation.
This commit is contained in:
Demi Marie Obenour 2022-03-01 13:23:21 -05:00 committed by Panu Matilainen
parent 40571a74cf
commit 31c41707d7
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
rpmio/rpmpgp.c
View File

@ -1104,6 +1104,8 @@ static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig,
return rc;
}
static const size_t RPM_MAX_OPENPGP_BYTES = 65535; /* max number of bytes in a key */
int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
pgpDigParams * ret)
{
@ -1113,11 +1115,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
pgpDigParams selfsig = NULL;
int i = 0;
int alloced = 16; /* plenty for normal cases */
struct pgpPkt *all = xmalloc(alloced * sizeof(*all));
int rc = -1; /* assume failure */
int expect = 0;
int prevtag = 0;
if (pktlen > RPM_MAX_OPENPGP_BYTES)
return rc; /* reject absurdly large data */
struct pgpPkt *all = xmalloc(alloced * sizeof(*all));
while (p < pend) {
struct pgpPkt *pkt = &all[i];
if (decodePkt(p, (pend - p), pkt))