a79d7ae0f0
At least ECDSA and RSA signatures can vary in length, but the IMA code assumes constant lengths and thus may either place invalid signatures on disk from either truncating or overshooting, and segfault if the stars are just so. Luckily the signatures are stored as strings so we can calculate the actual lengths at runtime and ignore the stored constant length info. Extend hex2bin() to optionally calculate the lengths and maximum, and use these for returning IMA data from the rpmfi(les) API. Additionally update the signing code to store the largest IMA signature length rather than what happened to be last to be on the safe side. We can't rely on this value due to invalid packages being out there, but then we need to calculate the lengths on rpmfiles populate so there's not a lot to gain anyhow. Fixes: #1833 |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| rpmgensig.c | ||
| rpmsign.h | ||
| rpmsignfiles.c | ||
| rpmsignfiles.h | ||
| rpmsignverity.c | ||
| rpmsignverity.h | ||