Don't require signature header to be in single contiguous region (#270)

In packages created and signed by rpm.org, the entire signature header is always reloaded into a contiguous region so there are never "dribbles" in headers coming from packages on disk. However in the case of signature header, the region gets changed and rewritten any time signatures change so it's not "immutable" in the sense the region of the main header is, and requiring it to be that way is perhaps a bit dubious - by the "immutable" definition, only build-time added tags should be in the region and all later signatures outside it. Further, there are otherwise legit packages in the wild that are signed by something that places the signatures outside the signature region (samples in #270 and RhBug:1514190 are from Intel, maybe they're using a home-grown signing software) and also rpm5 is actually relying on a padding tag to be outside the region as it's used for the actual padding between the signature and main header..
2017-11-29 11:08:33 +02:00 · 2017-11-29 11:08:33 +02:00 · 34c2ba3c6a
parent db1b99db25
commit 34c2ba3c6a
1 changed files with 2 additions and 1 deletions
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@ -181,7 +181,8 @@ rpmRC rpmpkgRead(rpmKeyring keyring, rpmVSFlags flags, FD_t fd,
 	goto exit;
    }

-    if (hdrblobRead(fd, 1, 1, RPMTAG_HEADERSIGNATURES, &sigblob, &msg))
+    /* Read the signature header. Might not be in a contiguous region. */
+    if (hdrblobRead(fd, 1, 0, RPMTAG_HEADERSIGNATURES, &sigblob, &msg))
 	goto exit;

    sigset = rpmvsCreate(&sigblob, flags);