@pmatilai Taking a step back, the purpose of this ticket is to ensure that were
a vulnerability found in RPM’s header manipulation, it would not be possible to
exploit it. There are two paths that could help here:
1. Fuzz `rpmReadPackageFile` and friends.
2. Reduce the amount of code that `rpmReadPackageFile` brings into action.
For instance, there could be a separate function (`rpmReadPackageForKeys`?)
that only returns the keys needed.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1484#issuecomment-758788496
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
