folkslinux
/
rpm
mirror of https://github.com/rpm-software-management/rpm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Negate the trailer offset after division 

This ensures that negation cannot overflow.
This commit is contained in:
Demi M. Obenour 2021-01-01 23:31:27 -05:00 committed by Panu Matilainen
parent da55723907
commit c3e04c2ac9
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/header.c
View File

@ -1851,8 +1851,6 @@ static rpmRC hdrblobVerifyRegion(rpmTagVal regionTag, int exact_size,
blob->rdl = regionEnd - blob->dataStart;
ei2h(&trailer, &einfo);
/* Trailer offset is negative and has a special meaning */
einfo.offset = -einfo.offset;
/* Some old packages have HEADERIMAGE in signature region trailer, fix up */
if (regionTag == RPMTAG_HEADERSIGNATURES && einfo.tag == RPMTAG_HEADERIMAGE)
einfo.tag = RPMTAG_HEADERSIGNATURES;
@ -1865,8 +1863,9 @@ static rpmRC hdrblobVerifyRegion(rpmTagVal regionTag, int exact_size,
goto exit;
}
/* Trailer offset is negative and has a special meaning */
blob->ril = -einfo.offset/sizeof(*blob->pe);
/* Does the region actually fit within the header? */
blob->ril = einfo.offset/sizeof(*blob->pe);
if ((einfo.offset % sizeof(*blob->pe)) || hdrchkRange(blob->il, blob->ril) ||
hdrchkRange(blob->dl, blob->rdl)) {
rasprintf(buf, _("region %d size: BAD, ril %d il %d rdl %d dl %d"),