folkslinux
/
rpm
mirror of https://github.com/rpm-software-management/rpm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid going past header data area when validating SHA1 header digest 

A malformed header with no zeros in it could've easily walked off the
edge of the world here. That it happens while trying to validate the
tag data content is the height of embarrasment of sorts.
This commit is contained in:
Panu Matilainen 2016-10-19 17:15:42 +03:00
parent 89dce2b91d
commit d8bfe73257
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/package.c
View File

@ -180,10 +180,11 @@ static rpmRC headerSigVerify(rpmKeyring keyring, rpmVSFlags vsflags,
switch (einfo.tag) {
case RPMTAG_SHA1HEADER: {
size_t blen = 0;
unsigned const char * b;
unsigned const char * b = dataStart + einfo.offset;
unsigned const char * e = dataStart + dl;
if (vsflags & RPMVSF_NOSHA1HEADER)
break;
for (b = dataStart + einfo.offset; *b != '\0'; b++) {
for (; b < e && *b != '\0'; b++) {
if (strchr("0123456789abcdefABCDEF", *b) == NULL)
break;
blen++;