On Thu, Mar 02, 2017 at 04:05:49PM -0500, Jeffrey Johnson wrote:
> 
> > On Mar 2, 2017, at 3:52 PM, Jakub Bogusz <[email protected]> wrote:
> > 
> > 
> > As far as I understand the code, rdl is size of immutable entry infos
> > part, while off is an offset in tags data part.
> > And when immutable tags data is short enough (shorter than entry infos
> > of immutable part), this check refuses to load header.
> > 
> 
> Yes. There is an "immutable region" header and trailer, where the
> offset field is used as a double check on the tags in the immutable region.
> 
> > IMO the checks should be like in the attached patch.
> > With it, the two refused packages are accessible again.
> > 
> 
> I've applied the patch and will do a few tests before checking in.
> 
> One item I note (just scanning the patch) is
> 
> -             if (rdl < REGION_TAG_COUNT || rdl > (rpmuint32_t)(off+nb))
> +             if (rdl < REGION_TAG_COUNT || rdl > (rpmuint32_t)(il * 
> REGION_TAG_COUNT))
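Review bot: the product il * REGION_TAG_COUNT is evaluated before the cast to rpmuint32_t, so this upper bound on rdl only holds if il has already been range-checked by the time the line runs; an unbounded il would wrap the product and let an oversized rdl pass. Since rdl counts 16-byte entry infos, comparing `rdl / REGION_TAG_COUNT > il` gives the same bound without the wrap, or, if il is validated earlier, a short comment here saying so would make that dependency visible.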
> 
> The variable il is derived and may be tainted, while off and nb are de facto
> positioning within the header memory blob. And yes, it may not matter.

il is already used earlier to calculate dataStart, and the length of the
whole data (pvlen).

> Meanwhile the entire issue is rather obscure, and only testing will tell.
> Is there any information about what headers are failing headerCopyLoad()?
> If those headers are public keys, then the real flaw is elsewhere, wrapping
> a public key within an immutable region, with an appended SHA1.

No, these are two packages.
I'm attaching the whole db data of one of them (partially described by me
during the investigation).


-- 
Jakub Bogusz    http://qboosh.pl/
* index 0b270000:
00000043 il
00000384 dl

0000003f 00000007 00000280 00000010     HEADER_IMMUTABLE        REGION_TAG_TYPE=RPM_BIN_TYPE
00000064 00000008 00000000 00000002     HEADER_I18NTABLE        RPM_STRING_ARRAY_TYPE
000003e8 00000006 0000000b 00000001     RPMTAG_NAME             RPM_STRING_TYPE
000003e9 00000006 00000019 00000001     RPMTAG_VERSION          RPM_STRING_TYPE
000003ea 00000006 00000020 00000001
000003eb 00000004 00000024 00000001
000003ec 00000009 00000028 00000002
000003ed 00000009 00000058 00000002
000003ee 00000004 00000090 00000001
000003ef 00000006 00000094 00000001
000003f1 00000004 000000a8 00000001
000003f2 00000006 000000ac 00000001
000003f6 00000006 000000b0 00000001
000003f7 00000006 000000b4 00000001
000003f8 00000009 000000c1 00000001
000003fc 00000006 000000d7 00000001
000003fd 00000006 000000f6 00000001
000003fe 00000006 000000fc 00000001
00000404 00000004 00000104 00000001
00000406 00000003 00000108 00000001
00000409 00000003 0000010a 00000001
0000040a 00000004 0000010c 00000001
0000040b 00000008 00000110 00000001
0000040c 00000008 00000131 00000001
0000040d 00000004 00000134 00000001
0000040f 00000008 00000138 00000001
00000410 00000008 0000013d 00000001
00000414 00000006 00000142 00000001
00000415 00000004 0000015c 00000001
00000417 00000008 00000160 00000001
00000418 00000004 00000170 00000002
00000419 00000008 00000178 00000002
0000041a 00000008 0000019b 00000002
00000428 00000006 000001ac 00000001
00000447 00000004 000001b0 00000001
00000448 00000004 000001b4 00000001
00000449 00000008 000001b8 00000001
00000458 00000004 000001bc 00000001
00000459 00000008 000001c0 00000001
0000045c 00000004 000001cc 00000001
0000045d 00000008 000001d0 00000001
0000045e 00000008 000001da 00000001
00000462 00000006 000001e8 00000001
00000464 00000006 0000022b 00000001
00000465 00000006 00000230 00000001
00000466 00000006 00000235 00000001
0000046c 00000006 00000237 00000001
00000474 00000004 00000248 00000001
00000475 00000004 0000024c 00000001
00000476 00000008 00000250 00000003
00000477 00000004 00000270 00000001
00000478 00000004 00000274 00000001
0000047b 00000008 00000278 00000001
00000499 00000004 0000027c 00000001     RPMTAG_FILEDIGESTALGOS  RPM_UINT32_TYPE
-- immutable end
00000101 00000004 00000290 00000001     RPMTAG_SIGSIZE
00000105 00000007 00000294 00000010     RPMTAG_SIGMD5
0000010d 00000006 000002a4 00000001     RPMTAG_SHA1HEADER
000003f0 00000004 000002d0 00000001     RPMTAG_INSTALLTIME
00000405 00000001 000002d4 00000001     RPMTAG_FILESTATES
00000416 00000004 000002d8 00000001     RPMTAG_ARCHIVESIZE
00000467 00000004 000002dc 00000001     RPMTAG_INSTALLCOLOR
00000468 00000004 000002e0 00000001     RPMTAG_INSTALLTID
0000048c 00000008 000002e4 00000001     RPMTAG_BLINKPKGID
0000048d 00000008 00000305 00000001     RPMTAG_BLINKHDRID
0000048e 00000008 0000032e 00000001     RPMTAG_BLINKNEVRA
00000492 00000006 0000034a 00000001     RPMTAG_PACKAGEORIGIN
000004a0 00000004 00000380 00000001     RPMTAG_PACKAGECOLOR

dataStart
-- immutable trailer
d+0280  0000003f 00000007 fffffca0 00000010
-- immutable end
dataEnd=dataStart+0384
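An added illustration of the region check as the thread describes it, not rpm's code and not part of this message: it reuses the il, dl, HEADER_IMMUTABLE entry and trailer values from the dump above, and runs the pre-patch and patched bound on the rdl recovered from the trailer. The entry_info struct in host byte order, the helper names and the division form of the patched comparison are my own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define REGION_TAG_COUNT 16u            /* bytes per entry info */

typedef struct {                        /* one entry info, host byte order (assumed) */
    uint32_t tag, type, offset, count;
} entry_info;

/* Constructed from the attached index: il, dl, the HEADER_IMMUTABLE entry and
 * the trailer found at data offset 0x280. */
static const uint32_t   IL      = 0x43;
static const uint32_t   DL      = 0x384;
static const entry_info REGION  = { 0x3f, 7, 0x280,      0x10 };
static const entry_info TRAILER = { 0x3f, 7, 0xfffffca0, 0x10 };

/* rdl = size of the region's entry infos, recovered from the trailer's negative
 * offset; 0 means the trailer is not a plausible trailer for this region. */
uint32_t region_rdl(const entry_info *t, const entry_info *r, uint32_t dl)
{
    uint32_t rdl = 0u - t->offset;      /* modular negate, no signed overflow */
    if (t->tag != r->tag || t->type != r->type || t->count != REGION_TAG_COUNT)
        return 0;
    if (r->count > dl || r->offset > dl - r->count)   /* trailer inside data? */
        return 0;
    if ((int32_t)t->offset >= 0 || rdl % REGION_TAG_COUNT != 0)
        return 0;
    return rdl;
}

/* Check before the patch: rdl bounded by the region's data offset plus trailer. */
int region_check_old(uint32_t rdl, uint32_t off, uint32_t nb)
{
    return !(rdl < REGION_TAG_COUNT || rdl > off + nb);
}

/* Patched check: rdl bounded by the whole index. rdl is a multiple of
 * REGION_TAG_COUNT, so dividing is the wrap-free form of rdl > il * 16. */
int region_check_new(uint32_t rdl, uint32_t il)
{
    return !(rdl < REGION_TAG_COUNT || rdl / REGION_TAG_COUNT > il);
}

int main(void)
{
    uint32_t rdl = region_rdl(&TRAILER, &REGION, DL);
    printf("rdl=0x%x old:%d new:%d\n", rdl, region_check_old(rdl, REGION.offset, REGION.count),
           region_check_new(rdl, IL));
    return 0;
}
```

For the dumped header rdl comes out as 0x360 (54 entry infos) while the region's data ends at 0x290, so the old check refuses it and the patched one loads it.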
_______________________________________________
pld-devel-en mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en