Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 19-Apr-2016 15:11:56 Branch: rpm-5_4 Handle: 2016041913115600 Modified files: (Branch: rpm-5_4) rpm/rpmdb pkgio.c Log: - pkgio: better sigh tag checks. Summary: Revision Changes Path 1.121.2.23 +46 -12 rpm/rpmdb/pkgio.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/rpmdb/pkgio.c
============================================================================
$ cvs diff -u -r1.121.2.22 -r1.121.2.23 pkgio.c
--- rpm/rpmdb/pkgio.c 15 Apr 2016 18:42:14 -0000 1.121.2.22
+++ rpm/rpmdb/pkgio.c 19 Apr 2016 13:11:56 -0000 1.121.2.23
@@ -779,6 +779,7 @@
 const void * sig = NULL;
 rpmuint32_t siglen = 0;
 pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
+rpmuint32_t rtag = 0; /* assume no region tag. */
 if (_pkgio_debug)
 fprintf(stderr, "--> rdSignature(%p, %p, %p) dig %p\n", fd, ptr, msg, dig);
@@ -896,7 +897,17 @@
 /* Check (and convert) the 1st tag element. */
 xx = headerVerifyInfo(1, dl, pe, &entry->info, 0);
- if (xx != -1) {
+ if (xx != -1 ||
+ !( (entry->info.tag == RPMTAG_HEADERSIGNATURES
+ && entry->info.type == REGION_TAG_TYPE
+ && entry->info.offset > 0
+ && entry->info.count == (rpmTagCount)REGION_TAG_COUNT)
+ || (entry->info.tag == (rpmTag)RPMSIGTAG_SIZE
+ && entry->info.type == RPM_UINT32_TYPE
+ && entry->info.offset == 0
+ && entry->info.count == (rpmTagCount)1)
+ ))
+ {
 (void) snprintf(buf, sizeof(buf),
 _("tag[%d]: BAD, %s"), 0, entryInfoStr(&entry->info));
 goto exit;
@@ -905,6 +916,7 @@
 /* Is there an immutable header region tag? */
 if (entry->info.tag == RPMTAG_HEADERSIGNATURES) {
+ rtag = RPMTAG_HEADERSIGNATURES;
 /* Is the region tag sane? */
 if (!(entry->info.type == REGION_TAG_TYPE
 && entry->info.count == (rpmTagCount)REGION_TAG_COUNT))
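Review bot: The new first-entry guard in the `@@ -896` hunk already requires `type == REGION_TAG_TYPE` and `count == REGION_TAG_COUNT` whenever the tag is `RPMTAG_HEADERSIGNATURES`, so the pre-existing `Is the region tag sane?` re-check in the `@@ -905` hunk can no longer fail and should either be dropped or the new guard should be the thing that is simplified. The eleven-line compound condition is hard to audit as written; a one-line comment naming the two accepted shapes would help, e.g. `/* 1st entry: immutable region tag (offset > 0), or RPMSIGTAG_SIZE at offset 0 when there is no region. */`. Note that `entry->info.offset > 0` has no upper bound in this guard; if the existing `offset >= dl` rejection is not applied before the offset is used to locate the region trailer (that code is outside this hunk), the bound belongs here, since the offset comes straight from the package. The enclosing rdSignature() body starts before and continues after these hunks.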
@@ -993,12 +1005,40 @@
 goto exit;
 }
- /* Print package component sizes. */
+ /* If sigh had a region, then sigh should have a RPMSIGTAG_SHA1. */
+ if (rtag) {
+ he->tag = (rpmTag) RPMSIGTAG_SHA1;
+ xx = headerGet(sigh, he, HEADERGET_SIGHEADER);
+ he->p.ptr = _free(he->p.ptr);
+ if (!xx) {
+ (void) snprintf(buf, sizeof(buf),
+ _("%stag(%u): BAD, missing %s tag"), origin,
+ he->tag, "SHA1");
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+ }
+
+ /* All packages should have RPMSIGTAG_MD5. */
+ he->tag = (rpmTag) RPMSIGTAG_MD5;
+ xx = headerGet(sigh, he, HEADERGET_SIGHEADER);
+ if (!xx) {
+ (void) snprintf(buf, sizeof(buf),
+ _("%stag(%u): BAD, missing %s tag"), origin,
+ he->tag, "MD5");
+ he->p.ptr = _free(he->p.ptr);
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
+
+ /* All packages should have RPMSIGTAG_SIZE. */
 he->tag = (rpmTag) RPMSIGTAG_SIZE;
 xx = headerGet(sigh, he, HEADERGET_SIGHEADER);
 if (xx) {
+ /* XXX FIXME: there's an overrun here. */
 size_t datasize = he->p.ui32p[0];
 he->p.ptr = _free(he->p.ptr);
+ /* Print package component sizes. */
 rc = printSize(fd, sigSize, pad, datasize, st);
 if (rc != RPMRC_OK) {
 (void) snprintf(buf, sizeof(buf),
@@ -1008,21 +1048,13 @@
 }
 } else {
 (void) snprintf(buf, sizeof(buf),
- _("%stag(%u): BAD, missing tag"), origin, he->tag);
+ _("%stag(%u): BAD, missing %s tag"), origin,
+ he->tag, "SIZE");
 he->p.ptr = _free(he->p.ptr);
 rc = RPMRC_FAIL;
 goto exit;
 }
- he->tag = (rpmTag) RPMSIGTAG_SHA1;
- xx = headerGet(sigh, he, HEADERGET_SIGHEADER);
- he->p.ptr = _free(he->p.ptr);
- if (!xx) {
- (void) snprintf(buf, sizeof(buf),
- _("%stag(%u): BAD, missing tag"), origin, he->tag);
- rc = RPMRC_FAIL;
- goto exit;
- }
 }
 (void) headerSetStartOff(sigh, (rpmuint32_t)startoff);
 (void) headerSetEndOff(sigh, fd->stats->ops[FDSTAT_READ].bytes);
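Review bot: The new RPMSIGTAG_MD5 lookup in the `@@ -993` hunk frees `he->p.ptr` only inside `if (!xx)`; on the success path it falls straight into the RPMSIGTAG_SIZE `headerGet()` which overwrites `he->p`, so if `headerGet()` returns allocated data (every other lookup in this hunk pairs it with `_free()`, which suggests it does) the MD5 payload leaks on every well-formed package. Mirror the SHA1 block and free unconditionally right after the call: `xx = headerGet(sigh, he, HEADERGET_SIGHEADER);` / `he->p.ptr = _free(he->p.ptr);` / `if (!xx) {`, and drop the free from inside the `if`. The `XXX FIXME: there's an overrun here.` comment added above `he->p.ui32p[0]` records the problem without fixing it: the guard in the earlier hunk validates the type and count of a RPMSIGTAG_SIZE only when it is the first index entry, so a SIZE tag that sits inside a region can still come back with a type or count under which a four-byte read runs past its data; check that the type and count `headerGet()` reports are RPM_UINT32_TYPE and 1, freeing and failing with `RPMRC_FAIL` otherwise, before the read. The SIZE `else` branch and the rest of rdSignature() continue in the following hunk and beyond.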
@@ -1277,7 +1309,9 @@ char *b, size_t nb)
 {
 rpmuint32_t * ei = (rpmuint32_t *) uh;
+#ifdef UNUSED
 rpmuint32_t il = (rpmuint32_t) ntohl(ei[0]);
+#endif
 rpmuint32_t dl = (rpmuint32_t) ntohl(ei[1]);
 entryInfo pe = (entryInfo) &ei[2];
 rpmRC rc = RPMRC_FAIL; /* assume failure */
@@ .
______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org
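Review bot: Wrapping the `il` declaration in `#ifdef UNUSED` keeps dead code in the tree just to silence an unused-variable warning; since CVS keeps the history, delete the line outright, or if the index length is still meant to bound `pe` against `nb`/`dl` somewhere in this function, keep it and use it rather than hiding it. This function's signature (`… char *b, size_t nb)`) begins before the hunk and its body continues after it, so whether `ei[0]` is still validated elsewhere cannot be confirmed from here; add a one-line comment above the `#ifdef` saying why the count is no longer needed, e.g. `/* il is not used here; the index count is checked by the caller. */`, only if that is actually the case.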