folkslinux
/
rpm
mirror of https://github.com/rpm-software-management/rpm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix out of bounds copy on malformed PGP packet (#148) 

Validate the packet is of correct size for the keyid type before
copying. Ditto for similar code in signature creation time.
This commit is contained in:
Panu Matilainen 2017-02-07 12:08:54 +02:00
parent e843855527
commit 657553ffab
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rpmio/rpmpgp.c
View File

@ -423,6 +423,8 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
if (!(_digp->saved & PGPDIG_SAVED_TIME) &&
(sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))
{
if (plen-1 != sizeof(_digp->time))
break;
_digp->saved |= PGPDIG_SAVED_TIME;
memcpy(_digp->time, p+1, sizeof(_digp->time));
}
@ -440,6 +442,8 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
if (!(_digp->saved & PGPDIG_SAVED_ID) &&
(sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))
{
if (plen-1 != sizeof(_digp->signid))
break;
_digp->saved |= PGPDIG_SAVED_ID;
memcpy(_digp->signid, p+1, sizeof(_digp->signid));
}