This is no "header with count zero", it'd be a header tag data with count zero.
Which is something that cannot legitimately exist.
Now, one would *think* we already catch that *someplace*, but after meeting
several such canyon-wide cracks in the checks in the last hardening round,
nothing surprises me anymore. Right ... so there is no hdrchkCount(), or any
such thing in hdrblobVerifyInfo() :facepalm:
Just add a hdrchkCount() macro which checks against zero and call it similarly to
the others in hdrblobVerifyInfo(), that'll catch an entire class of related issues
rather than the specific string length case.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1496#issuecomment-760046840
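
The check proposed in the comment above, sketched as an added example; it is not rpm's code and not part of the original message. The struct, the type range, `verify_info()` and the body of `hdrchkCount()` are assumptions made for illustration; only the macro's name comes from the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a header index entry; not rpm's actual struct. */
struct entry_info {
    uint32_t tag;
    uint32_t type;
    int32_t  offset;   /* where the entry's data starts in the data area */
    uint32_t count;    /* number of items stored for this tag */
};

#define TYPE_MIN 1u    /* constructed type range for this example */
#define TYPE_MAX 9u

/* Each check evaluates to non-zero when the field is invalid. */
#define chk_type(_type)       ((_type) < TYPE_MIN || (_type) > TYPE_MAX)
#define chk_range(_dl, _off)  ((_off) < 0 || (_off) > (_dl))
/* Assumed body for the proposed hdrchkCount(): tag data with count zero is invalid. */
#define hdrchkCount(_count)   ((_count) == 0)

/*
 * Verify n index entries against a data area of dl bytes.
 * Returns -1 if every entry passes, else the index of the first bad entry.
 * check_count == 0 reproduces the gap described above: count is never examined.
 */
int verify_info(const struct entry_info *pe, size_t n, int32_t dl, int check_count)
{
    for (size_t i = 0; i < n; i++) {
        if (chk_type(pe[i].type))
            return (int)i;
        if (chk_range(dl, pe[i].offset))
            return (int)i;
        if (check_count && hdrchkCount(pe[i].count))
            return (int)i;
    }
    return -1;
}

/* Constructed sample: entry 1 has a valid type and offset but count zero. */
static const struct entry_info sample[] = {
    { 1000, 6, 0, 1 },
    { 1001, 6, 8, 0 },
    { 1002, 4, 16, 2 },
};

int main(void)
{
    printf("without count check: %d\n", verify_info(sample, 3, 64, 0));
    printf("with count check:    %d\n", verify_info(sample, 3, 64, 1));
    return 0;
}
```

Because the count test sits with the other per-entry checks, it rejects a zero count for every data type, not only the string case.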