subject:"\[pacman\-dev\] \[PATCH\] libalpm\/signing.c\: Fix calculation of packet size in parse

Re: [pacman-dev] [PATCH] libalpm/signing.c: Fix calculation of packet size in parse_subpacket

2020-05-31 Thread Allan McRae

On 1/6/20 5:51 am, Andrew Gregory wrote:
> On 05/20/20 at 02:22pm, Allan McRae wrote:
>> Given RFC 4880 provides the code to do this calculation, I am not sure
>> how I managed to stuff that up!  This bug was only exposed when a
>> signature made with "include-key-block" was added to the Arch repos,
>> which provided a subpacket with the required size to hit this issue.
> 
> LGTM. Though, it might be worth it to use + instead of | just so we
> match 4880 and extract_keyid exactly.
> 

Done.

Re: [pacman-dev] [PATCH] libalpm/signing.c: Fix calculation of packet size in parse_subpacket

2020-05-31 Thread Andrew Gregory

On 05/20/20 at 02:22pm, Allan McRae wrote:
> Given RFC 4880 provides the code to do this calculation, I am not sure
> how I managed to stuff that up!  This bug was only exposed when a
> signature made with "include-key-block" was added to the Arch repos,
> which provided a subpacket with the required size to hit this issue.

LGTM. Though, it might be worth it to use + instead of | just so we
match 4880 and extract_keyid exactly.

> Signed-off-by: Allan McRae 
> ---
> 
> Also appropriate for 5.2.2
> 
>  lib/libalpm/signing.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
> index c8eaaca2..422523b6 100644
> --- a/lib/libalpm/signing.c
> +++ b/lib/libalpm/signing.c
> @@ -1058,7 +1058,7 @@ static int parse_subpacket(alpm_handle_t *handle, const 
> char *identifier,
>   if(length_check(len, spos, 2, handle, 
> identifier) != 0){
>   return -1;
>   }
> - slen = (sig[spos] << 8) | sig[spos + 1];
> + slen = (((sig[spos] - 192) << 8) | sig[spos + 
> 1]) + 192;
>   spos = spos + 2;
>   } else {
>   if(length_check(len, spos, 5, handle, 
> identifier) != 0) {
> -- 
> 2.26.2

[pacman-dev] [PATCH] libalpm/signing.c: Fix calculation of packet size in parse_subpacket

2020-05-19 Thread Allan McRae

Given RFC 4880 provides the code to do this calculation, I am not sure
how I managed to stuff that up!  This bug was only exposed when a
signature made with "include-key-block" was added to the Arch repos,
which provided a subpacket with the required size to hit this issue.

Signed-off-by: Allan McRae 
---

Also appropriate for 5.2.2

 lib/libalpm/signing.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index c8eaaca2..422523b6 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -1058,7 +1058,7 @@ static int parse_subpacket(alpm_handle_t *handle, const 
char *identifier,
if(length_check(len, spos, 2, handle, 
identifier) != 0){
return -1;
}
-   slen = (sig[spos] << 8) | sig[spos + 1];
+   slen = (((sig[spos] - 192) << 8) | sig[spos + 
1]) + 192;
spos = spos + 2;
} else {
if(length_check(len, spos, 5, handle, 
identifier) != 0) {
-- 
2.26.2

Re: [pacman-dev] [PATCH] libalpm/signing.c: Fix calculation of packet size in parse_subpacket

Re: [pacman-dev] [PATCH] libalpm/signing.c: Fix calculation of packet size in parse_subpacket

[pacman-dev] [PATCH] libalpm/signing.c: Fix calculation of packet size in parse_subpacket

3 matches

Site Navigation

Mail list logo

Footer information