[CVS] RPM: rpm-5_4: rpm/rpmdb/ header_internal.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:28:56
  Branch: rpm-5_4  Handle: 2016040404285600

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header_internal.c

  Log:
- header: remove the damaged tags assert failure.

  Summary:
RevisionChanges Path
1.20.2.2+8  -2  rpm/rpmdb/header_internal.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header_internal.c
  
  $ cvs diff -u -r1.20.2.1 -r1.20.2.2 header_internal.c
  --- rpm/rpmdb/header_internal.c   16 Apr 2012 23:43:34 -  1.20.2.1
  +++ rpm/rpmdb/header_internal.c   4 Apr 2016 04:28:56 -   1.20.2.2
  @@ -44,15 +44,21 @@
   for (i = 0; i < il; i++) {
info->tag = (rpmTag) ntohl(pe[i].tag);
info->type = (rpmTagType) ntohl(pe[i].type);
  + info->offset = (rpmint32_t) ntohl(pe[i].offset);
  + info->count = (rpmuint32_t) ntohl(pe[i].count);
  +#if 0
  +fprintf(stderr, "\ttag %d type %d offset 0x%x count %d\n", info->tag, 
info->type, info->offset, info->count);
  +#endif
  +
/* XXX Convert RPMTAG_FILESTATE to RPM_UINT8_TYPE. */
if (info->tag == 1029 && info->type == 1) {
info->type = RPM_UINT8_TYPE;
}
  - info->offset = (rpmint32_t) ntohl(pe[i].offset);
  +#ifdef   DYING
   assert(negate || info->offset >= 0); /* XXX insurance */
  +#endif
if (negate)
info->offset = -info->offset;
  - info->count = (rpmuint32_t) ntohl(pe[i].count);
   
if (hdrchkType(info->type))
return (int)i;
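Review bot: With the `assert` now compiled out under `#ifdef DYING`, nothing in this hunk rejects a negative `info->offset` when `negate` is false, so a damaged entry reaches the `hdrchkType` test and leaves the loop with an offset that points before the data area. Unless a later check outside the hunk covers this, treat it like the other per-entry failures and return the index: `if (!negate && info->offset < 0) return (int)i;`. In the `negate` case, `info->offset = -info->offset` is also signed overflow when the on-disk value is the most negative 32-bit integer, so that value should be rejected before the negation. The loop and the function body start and end outside the hunk.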
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ package.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:25:57
  Branch: rpm-5_4  Handle: 2016040404255700

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   package.c

  Log:
- improved error checking.

  Summary:
RevisionChanges Path
1.2.2.11+30 -5  rpm/rpmdb/package.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/package.c
  
  $ cvs diff -u -r1.2.2.10 -r1.2.2.11 package.c
  --- rpm/rpmdb/package.c   2 Apr 2016 23:01:12 -   1.2.2.10
  +++ rpm/rpmdb/package.c   4 Apr 2016 04:25:57 -   1.2.2.11
  @@ -87,6 +87,7 @@
   rpmop op = NULL;
   unsigned char * hmagic = NULL;
   size_t nmagic = 0;
  +int rc = RPMRC_FAIL; /* assume failure */
   int xx;
   
   he->tag = RPMTAG_HEADERIMMUTABLE;
  @@ -105,10 +106,11 @@
   dig->nbytes += he->c;
   (void) rpmswExit(op, dig->nbytes);
   op->count--; /* XXX one too many */
  +rc = RPMRC_OK;
   
   exit:
   he->p.ptr = _free(he->p.ptr);
  -return xx;
  +return rc;
   }
   
   /*@-mods@*/
  @@ -290,8 +292,16 @@
   case RPMSIGTAG_ECDSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
xx = pgpPktLen(she->p.ui8p, she->c, pp);
  + if (xx < 0) {
  + rpmlog(RPMLOG_ERR,
  + _("skipping package %s with malformed signature 
packet(0x%x)\n"),
  + fn, she->p.ui8p[0]);
  + goto exit;
  + }
xx = rpmhkpLoadSignature(NULL, dig, pp);
  - if (dig->signature.version != 3 && dig->signature.version != 4) {
  + if (xx < 0
  +  || (dig->signature.version != 3 && dig->signature.version != 4))
  + {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, dig->signature.version);
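Review bot: The malformed-packet message reads `she->p.ui8p[0]` on the path where `pgpPktLen` has just rejected the buffer, so if `she->c` can be 0 this is a read past the tag data; log `she->c > 0 ? she->p.ui8p[0] : 0` or drop the byte from the message. The combined `xx < 0 || version` test then prints "unverifiable V%u" even when `rpmhkpLoadSignature` itself failed, in which case `dig->signature.version` may not have been filled in; a separate "cannot load signature" message would keep the log accurate. Both new `goto exit` paths rely on `rc` already holding a failure value at that point, which cannot be confirmed from the hunk. The `rpmlog` call and the enclosing `switch` continue outside the hunk.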
  @@ -300,7 +310,10 @@
}
switch (dig->signature.pubkey_algo) {
default:
  -assert(0);
  + rpmlog(RPMLOG_ERR,
  + _("skipping package %s with unknown signature algorithm(%u)\n"),
  + fn, dig->signature.pubkey_algo);
  + goto exit;
break;
case PGPPUBKEYALGO_RSA:
dig->sigtag = RPMSIGTAG_RSA;
  @@ -315,11 +328,23 @@
ctxp = >hecdsa;
break;
}
  - xx = hBlobDigest(h, dig, dig->signature.hash_algo, ctxp);
  + rc = hBlobDigest(h, dig, dig->signature.hash_algo, ctxp);
  + if (rc != RPMRC_OK || *ctxp == NULL) {
  + rpmlog(RPMLOG_ERR,
  + _("skipping package %s cannot calculate header blob digest\n"),
  + fn);
  + goto exit;
  + }
break;
   case RPMSIGTAG_SHA1:
/* XXX dig->hsha? */
  - xx = hBlobDigest(h, dig, PGPHASHALGO_SHA1, >hdsa);
  + rc = hBlobDigest(h, dig, PGPHASHALGO_SHA1, >hdsa);
  + if (rc != RPMRC_OK || dig->hdsa == NULL) {
  + rpmlog(RPMLOG_ERR,
  + _("skipping package %s cannot calculate header blob SHA1\n"),
  + fn);
  + goto exit;
  + }
break;
   case RPMSIGTAG_MD5:
/* Legacy signatures need the compressed payload in the digest too. */
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ signature.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:24:23
  Branch: rpm-5_4  Handle: 2016040404242200

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   signature.c

  Log:
- rewrite last usage of pgpPrtPkts() in main rpm code.

  Summary:
RevisionChanges Path
1.68.2.15   +23 -1  rpm/rpmdb/signature.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/signature.c
  
  $ cvs diff -u -r1.68.2.14 -r1.68.2.15 signature.c
  --- rpm/rpmdb/signature.c 2 Apr 2016 23:01:12 -   1.68.2.14
  +++ rpm/rpmdb/signature.c 4 Apr 2016 04:24:22 -   1.68.2.15
  @@ -257,9 +257,31 @@
   
   /* Parse the signature, change signature tag as appropriate. */
   dig = pgpDigNew(RPMVSF_DEFAULT, (pgpPubkeyAlgo)0);
  +sigp = pgpGetSignature(dig);
   
  +#ifdef   DYING
   (void) pgpPrtPkts(*pktp, *pktlenp, dig, 0);
  -sigp = pgpGetSignature(dig);
  +#else
  +{void * sig = *pktp;
  + size_t siglen = *pktlenp;
  + size_t pleft = siglen;
  + pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
  +
  + if (pgpPktLen((const rpmuint8_t *)sig, pleft, pp) < 0) {
  + *pktp = _free(*pktp);
  + rpmlog(RPMLOG_ERR, _("malformed signature packet\n"));
  + return 1;
  + }
  + if (rpmhkpLoadSignature(NULL, dig, pp) < 0
  +  || (sigp->version != 3 && sigp->version != 4))
  + {
  + *pktp = _free(*pktp);
  + rpmlog(RPMLOG_ERR, _("cannot load V%u signature\n"),
  + (unsigned) sigp->version);
  + return 1;
  + }
  +}
  +#endif
   
   /* Identify the type of signature being returned. */
   /* XXX FIXME: RPMSIGTAG{DSA,RSA,ECDSA} are interchangeable. */
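Review bot: Both new `return 1;` paths free `*pktp` but leave the `dig` allocated by `pgpDigNew` a few lines above, so every malformed or unloadable signature packet leaks one digest container. Release it before returning, e.g. `dig = pgpDigFree(dig);` (or whatever release call the rest of this function uses; the cleanup code is outside the hunk). The second message also prints `sigp->version` after `rpmhkpLoadSignature` has failed, when the field may not have been set. `siglen` is only used to initialise `pleft` and can be dropped.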
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ rpmns.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:23:22
  Branch: rpm-5_4  Handle: 2016040404232200

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   rpmns.c

  Log:
- rpmns: check pgpPktLen() validity.

  Summary:
RevisionChanges Path
1.15.2.8+1  -3  rpm/rpmdb/rpmns.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/rpmns.c
  
  $ cvs diff -u -r1.15.2.7 -r1.15.2.8 rpmns.c
  --- rpm/rpmdb/rpmns.c 19 Jul 2014 23:33:24 -  1.15.2.7
  +++ rpm/rpmdb/rpmns.c 4 Apr 2016 04:23:22 -   1.15.2.8
  @@ -367,6 +367,7 @@
   
   pleft = sigpktlen;
   xx = pgpPktLen(sigpkt, pleft, pp);
  +if (xx < 0) goto exit;
   xx = rpmhkpLoadSignature(NULL, dig, pp);
   if (xx) goto exit;
   
  @@ -412,9 +413,6 @@
/* XXX TODO: only validate once, then cache using rpmku */
/* XXX need at least 3 packets to validate a pubkey */
if (validate && hkp->npkts >= 3) {
  -#ifdef   DYING
  -pgpPrtPkts(hkp->pkt, hkp->pktlen, NULL, 1);
  -#endif
xx = rpmhkpValidate(hkp, NULL);
switch (xx) {
case RPMRC_OK:
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ pkgio.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:21:40
  Branch: rpm-5_4  Handle: 2016040404214000

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   pkgio.c

  Log:
- pkgio: fix: can't retrofit a trailer tag fix with PROT_READ in place.
- pkgio: improved sanity checks for {il,dl} based on file size.

  Summary:
RevisionChanges Path
1.121.2.18  +82 -22 rpm/rpmdb/pkgio.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/pkgio.c
  
  $ cvs diff -u -r1.121.2.17 -r1.121.2.18 pkgio.c
  --- rpm/rpmdb/pkgio.c 2 Apr 2016 23:01:12 -   1.121.2.17
  +++ rpm/rpmdb/pkgio.c 4 Apr 2016 04:21:40 -   1.121.2.18
  @@ -706,16 +706,20 @@
* @param siglen signature header size
* @param padsignature padding
* @param datalenlength of header+payload
  + * @retval *st   stat(2) of input file
* @return   rpmRC return code
*/
  -static inline rpmRC printSize(FD_t fd, size_t siglen, size_t pad, size_t 
datalen)
  +static inline rpmRC printSize(FD_t fd, size_t siglen, size_t pad,
  + size_t datalen, struct stat *st)
/*@globals fileSystem, internalState @*/
/*@modifies fileSystem, internalState @*/
   {
  -struct stat sb, * st = 
   size_t expected;
   size_t nl = rpmpkgSizeof("Lead", NULL);
   
  +if (st == NULL)
  + st = memset(alloca(sizeof(*st)), 0, sizeof(*st));
  +
   #ifndef  DYING   /* XXX Fstat(2) contentLength not gud enuf yet. */
   int fdno = Fileno(fd);
   /* HACK: workaround for davRead wiring. */
  @@ -775,6 +779,7 @@
   rpmRC rc = RPMRC_FAIL;   /* assume failure */
   int xx;
   rpmuint32_t i;
  +struct stat sb, *st = 
   static int map = 1;
   
   if (_pkgio_debug)
  @@ -794,6 +799,13 @@
goto exit;
}
   }
  +
  +if (Fstat(fd, st) < 0) {
  + (void) snprintf(buf, sizeof(buf),
  + _("sigh stat: BAD, Fstat(2) failed"));
  + goto exit;
  +}
  +
   startoff = fd->stats->ops[FDSTAT_READ].bytes;
   if ((xx = (int) timedRead(fd, (char *)block, sizeof(block))) != (int) 
sizeof(block)) {
(void) snprintf(buf, sizeof(buf),
  @@ -814,22 +826,28 @@
goto exit;
}
   }
  +/* XXX arbitrary limit check doesn't help much */
   il = (rpmuint32_t) ntohl(block[2]);
  -if (il > 32) {
  +if (il > (st->st_size - startoff - sizeof(block)) || il > 32) {
(void) snprintf(buf, sizeof(buf),
_("sigh tags: BAD, no. of tags(%u) out of range"), (unsigned) 
il);
goto exit;
   }
  +/* XXX arbitrary limit check doesn't help much */
   dl = (rpmuint32_t) ntohl(block[3]);
  -if (dl > 8192) {
  +if (dl > (st->st_size - startoff - sizeof(block)) || dl > 8192) {
(void) snprintf(buf, sizeof(buf),
_("sigh data: BAD, no. of bytes(%u) out of range"), (unsigned) 
dl);
goto exit;
   }
   
  -/*@-sizeoftype@*/
   nb = (il * sizeof(struct entryInfo_s)) + dl;
  -/*@=sizeoftype@*/
  +if (nb > (st->st_size - startoff - sizeof(block))) {
  + (void) snprintf(buf, sizeof(buf),
  + _("hdr blob: BAD, header size (%u) larger than file size"),
  + (unsigned) nb);
  +   goto exit;
  +}
   if (map) {
size_t pvlen = (sizeof(il) + sizeof(dl) + nb);
   static const int prot = PROT_READ | PROT_WRITE;
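Review bot: The three new bounds use `st->st_size - startoff - sizeof(block)`, which mixes the signed `off_t` from `Fstat` with unsigned sizes, so the result is not a reliable limit when `st_size` is smaller than what has already been consumed (a truncated file, or a pipe or remote stream that reports size 0). Where the expression is evaluated as unsigned it wraps to a huge value and the test silently falls back to the old `il > 32` / `dl > 8192` limits; where it is evaluated as a signed 64-bit value it goes negative and every package is rejected. Compute the remaining byte count once and reject a negative value explicitly before the comparisons, e.g. `off_t left = st->st_size - (off_t)startoff - (off_t)sizeof(block);` then `if (left < 0)` with a `buf` message and `goto exit`, and compare `il`, `dl` and `nb` against `left`. Whether non-regular inputs should skip the size test depends on code outside the hunk.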
  @@ -844,7 +862,8 @@
   "==> mmap(%p[%u], 0x%x, 0x%x, %d, 0x%x) error(%d): %s\n",
   NULL, (unsigned)pvlen, prot, flags, fdno, (unsigned)off,
   errno, strerror(errno));
  -} else {
  +} else
  +{
size_t pvlen = (sizeof(il) + sizeof(dl) + nb);
ei = (rpmuint32_t *) xmalloc(pvlen);
   }
  @@ -915,7 +934,9 @@
if (info->tag == (rpmuint32_t) htonl(RPMTAG_HEADERIMAGE)) {
rpmuint32_t stag = (rpmuint32_t) htonl(RPMTAG_HEADERSIGNATURES);
info->tag = (rpmTag) stag;
  +#ifdef   DYING   /* XXX can't retrofit with PROT_READ */
memcpy(dataEnd, , sizeof(stag));
  +#endif
}
dataEnd += REGION_TAG_COUNT;
   
  @@ -986,7 +1007,7 @@
xx = headerGet(sigh, he, HEADERGET_SIGHEADER);
if (xx) {
size_t datasize = he->p.ui32p[0];
  - rc = printSize(fd, sigSize, pad, datasize);
  + rc = printSize(fd, sigSize, pad, datasize, st);
if (rc != RPMRC_OK)

[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:16:29
  Branch: rpm-5_4  Handle: 2016040404162900

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- header: remove the damaged tags assert failure.

  Summary:
RevisionChanges Path
1.198.2.19  +221 -24rpm/rpmdb/header.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.18 -r1.198.2.19 header.c
  --- rpm/rpmdb/header.c21 Mar 2016 22:08:51 -  1.198.2.18
  +++ rpm/rpmdb/header.c4 Apr 2016 04:16:29 -   1.198.2.19
  @@ -32,13 +32,15 @@
   #endif   /* __cplusplus */
   
   #if defined(SUPPORT_IMPLICIT_TAG_DATA_TYPES)
  -extern void tagTypeValidate(HE_t he)
  +extern void tagTypeValidate(HE_t he, unsigned int flags)
/*@*/;
   #endif
   
   /*@unchecked@*/
   int _hdr_debug = 0;
   
  +static int jbj;
  +
   /** \ingroup header
*/
   /*@-type@*/
  @@ -337,10 +339,6 @@
   size_t length = 0;
   
   switch (type) {
  -#if !defined(SUPPORT_I18NSTRING_TYPE)
  -case RPM_I18NSTRING_TYPE:
  -assert(0);
  -#endif
   case RPM_STRING_TYPE:
if (count != 1)
return 0;
  @@ -353,9 +351,7 @@
break;
/* These are like RPM_STRING_TYPE, except they're *always* an array */
/* Compute sum of length of all strings, including nul terminators */
  -#if defined(SUPPORT_I18NSTRING_TYPE)
   case RPM_I18NSTRING_TYPE:
  -#endif
   case RPM_STRING_ARRAY_TYPE:
if (onDisk) {
while (count--) {
  @@ -1082,9 +1078,10 @@
rpmuint32_t * stei = (rpmuint32_t *)
memcpy(alloca(nb), dataStart + off, nb);
rdl = (rpmuint32_t)-ntohl(stei[2]); /* negative offset */
  -assert((rpmint32_t)rdl >= 0);/* XXX insurance */
  + if (hdrchkData(rdl))
  + goto errxit;
ril = (rpmuint32_t)(rdl/sizeof(*pe));
  - if (hdrchkTags(ril) || hdrchkData(rdl))
  + if (hdrchkTags(ril))
goto errxit;
} else {
ril = il;
  @@ -1425,7 +1422,8 @@
fprintf(stderr, "==> munmap(%p[%u]) error(%d): %s\n",
nuh, (unsigned)pvlen, errno, strerror(errno));
}
  -} else {
  +} else
  +{
nuh = memcpy(xmalloc(pvlen), uh, pvlen);
if ((nh = headerLoad(nuh)) != NULL)
nh->flags |= HEADERFLAG_ALLOCATED;
  @@ -1538,6 +1536,7 @@
} else {
he->p.argv = argv = (const char **) DRD_xmalloc(nb + entry->length);
t = (char *) [count];
  +fprintf(stderr, "*** %s: memcpy(%p, %p, %u)\n", __FUNCTION__, t, 
entry->data, (unsigned)entry->length);
memcpy(t, entry->data, entry->length);
}
/*@=mods@*/
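Review bot: The added `fprintf(stderr, "*** %s: memcpy(%p, %p, %u)\n", ...)` is unconditional, so every string-array fetch through this path writes heap addresses to stderr of whatever program links the library. Guard it with the file's existing debug switch, `if (_hdr_debug) fprintf(stderr, ...)`, or remove it before release. The `OVERRIDE` print added in the `@@ -1720` hunk is unconditional in the same way. The `jbj` flag introduced at the top of the file gates the other new traces but is never assigned in the visible hunks, so a descriptive name and a comment saying how it is enabled would help. The enclosing function starts outside the hunk.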
  @@ -1695,6 +1694,21 @@
   }
   #endif
   
  +static void
  +dumpEntry(const char *msg, indexEntry entry)
  +{
  +if (msg)
  + fprintf(stderr, " %s %p\n", msg, entry);
  +if (entry)
  +fprintf(stderr, "\tentry tag %d type %d offset %d count %d data 
%p[%u]\n",
  + entry->info.tag,
  + entry->info.type,
  + entry->info.offset,
  + entry->info.count,
  + entry->data,
  + (unsigned)entry->length);
  +}
  +
   /**
* Retrieve tag data from header.
* @param h  header
  @@ -1702,13 +1716,15 @@
* @param flags  headerGet flags
* @return   1 on success, 0 on not found
*/
  -static int intGetEntry(Header h, HE_t he, int flags)
  +static int intGetEntry(Header h, HE_t he, unsigned int flags)
/*@modifies he @*/
   {
   int minMem = 0;
   indexEntry entry;
   int rc;
   
  +if (jbj)
  +fprintf(stderr, "--> %s(%p,%p, 0x%x) tag %d\n", __FUNCTION__, h, he, flags, 
he  ->tag);
   /* First find the tag */
   /*@-mods@*/  /*@ FIX: h modified by sort. */
   entry = findEntry(h, he->tag, (rpmTagType)0);
  @@ -1720,6 +1736,90 @@
return 0;
   }
   
  +/* XXX sanity check on count field */
  +if (entry->info.count > entry->length) {
  + size_t count = entry->info.count;
  + entry->info.count = entry->length;
  +fprintf(stderr, "*** %s: OVERRIDE\ttag %d type %d count %u -> %u\n", 
__FUNCTION__, he->tag, entry->info.type, count, (unsigned)entry->info.count);
  +}
  +
  +/* XXX Hardwire signature header tag type/count. */
  +if (flags & HEADERGET_SIGHEADER || he->tag == RPMTAG_PUBKEYS) {
  +if (jbj)
  +dumpEntry("before", 

[CVS] RPM: rpm-5_4: rpm/rpmdb/ hdrNVR.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:14:40
  Branch: rpm-5_4  Handle: 2016040404143900

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   hdrNVR.c

  Log:
- typos.

  Summary:
RevisionChanges Path
1.46.6.6+2  -1  rpm/rpmdb/hdrNVR.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/hdrNVR.c
  
  $ cvs diff -u -r1.46.6.5 -r1.46.6.6 hdrNVR.c
  --- rpm/rpmdb/hdrNVR.c3 Apr 2016 20:44:37 -   1.46.6.5
  +++ rpm/rpmdb/hdrNVR.c4 Apr 2016 04:14:39 -   1.46.6.6
  @@ -6,6 +6,7 @@
   
   #include 
   #include 
  +#include 
   
   #define  _RPMTAG_INTERNAL
   #include "header_internal.h" /* XXX hdrchkType(), hdrchkData() */
  @@ -305,7 +306,7 @@
}
xx = headerPut(h, he, 0);
if (xx != 1) {
  - rpmlog(RPMLOG_ERROR,
  + rpmlog(RPMLOG_ERR,
_("%s: headerPut failed(%d): tag(%u) t(%u) data %p[%u]\n"),
__FUNCTION__, xx, he->tag, he->t, he->p.ptr, he->c);
   
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmhkp.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:04:26
  Branch: rpm-5_4  Handle: 2016040404042600

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   rpmhkp.c

  Log:
- rpmhkp: rewrite signature/pubkey parameter loading, avoid rpmpgp.c.

  Summary:
RevisionChanges Path
2.20.2.12   +165 -42rpm/rpmio/rpmhkp.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmhkp.c
  
  $ cvs diff -u -r2.20.2.11 -r2.20.2.12 rpmhkp.c
  --- rpm/rpmio/rpmhkp.c11 May 2015 21:10:19 -  2.20.2.11
  +++ rpm/rpmio/rpmhkp.c4 Apr 2016 04:04:26 -   2.20.2.12
  @@ -370,11 +370,13 @@
   int ix = (keyx >= 0 && keyx < hkp->npkts) ? keyx : 0;
   size_t pleft = hkp->pktlen - (hkp->pkts[ix] - hkp->pkt);
   int len = pgpPktLen(hkp->pkts[ix], pleft, pp);
  -const rpmuint8_t * p;
  -int rc = 0;  /* assume success */
  -(void)len;
  +const rpmuint8_t * p = NULL;
  +int rc = -1; /* assume failure */
  +
  +HKPDEBUG((stderr, "--> %s(%p,%p,%d,%u) ix %d V%u\n", __FUNCTION__, hkp, dig, 
keyx, pubkey_algo, ix, (pp->u.h ? pp->u.h[0] : 0)));
   
  -HKPDEBUG((stderr, "--> %s(%p,%p,%d,%u) ix %d V%u\n", __FUNCTION__, hkp, dig, 
keyx, pubkey_algo, ix, pp->u.h[0]));
  +if (len < 0)
  + goto exit;
   
   pubp->tag = pp->tag;
   if (pp->u.h[0] == 3
  @@ -382,21 +384,88 @@
   {
pubp->version = pp->u.j->version;
memcpy(pubp->time, pp->u.j->time, sizeof(pubp->time));
  - pubp->pubkey_algo = pp->u.j->pubkey_algo;
  + pubp->pubkey_algo = pubkey_algo = pp->u.j->pubkey_algo;
  +/* XXX set pointer to pubkey parameters. */
p = ((rpmuint8_t *)pp->u.j) + sizeof(*pp->u.j);
  - p = pgpPrtPubkeyParams(dig, pp, (pgpPubkeyAlgo)pp->u.j->pubkey_algo, p);
   } else
   if (pp->u.h[0] == 4
&& (pubkey_algo == 0 || pubkey_algo == pp->u.k->pubkey_algo))
   {
pubp->version = pp->u.k->version;
memcpy(pubp->time, pp->u.k->time, sizeof(pubp->time));
  - pubp->pubkey_algo = pp->u.k->pubkey_algo;
  + pubp->pubkey_algo = pubkey_algo = pp->u.k->pubkey_algo;
  +/* XXX set pointer to pubkey parameters. */
p = ((rpmuint8_t *)pp->u.k) + sizeof(*pp->u.k);
  - p = pgpPrtPubkeyParams(dig, pp, (pgpPubkeyAlgo)pp->u.k->pubkey_algo, p);
  -} else
  - rc = -1;
  +}
  +
  +if (p) {
  +#ifdef   DYING
  + p = pgpPrtPubkeyParams(dig, pp, pubkey_algo, p);
  +#else
  + const rpmuint8_t * pend = pp->u.h + pp->hlen;
  + const char * rsalbl[] =
  + { "n =", "e =", NULL };
  + const char * dsalbl[] =
  + { "p =", "q =", "g =", "y =", NULL };
  + const char * ecdsalbl[] =
  + { "  oid =", "Q =", NULL };
  + const char ** lbl;
  + int nmpis;
  + int mpix;
  + int mpil;
  + int i;
  +
  + switch (pubkey_algo) {
  + case PGPPUBKEYALGO_EDDSA:
  + default:
  + goto exit;
  + break;
  + case PGPPUBKEYALGO_RSA:
  + lbl =   rsalbl; nmpis = 2; mpix = 30;
  + break;
  + case PGPPUBKEYALGO_DSA:
  + lbl =   dsalbl; nmpis = 4; mpix = 40;
  + break;
  + case PGPPUBKEYALGO_ECDSA:
  + lbl = ecdsalbl; nmpis = 1; mpix = 60;
  + break;
  + }
  +
  + /* XXX ECDSA OID parameter is stored differently than MPI's */
  + if (pubkey_algo == PGPPUBKEYALGO_ECDSA) {
  + if (p+1+p[0] > pend)
  + goto exit;
  + if (pgpImplMpiItem(lbl[0], dig, mpix+0, p+1, p+1+p[0]))
  + goto exit;
  + p += p[0] + 1;
  + mpil = pgpMpiLen(p);
  + if (mpil < 0)
  + goto exit;
  + if (p+mpil > pend)
  + goto exit;
  + if (pgpImplMpiItem(lbl[1], dig, mpix+1, p, p+mpil))
  + goto exit;
  + p += mpil;
  + i = 2;
  + } else
  + for (i = 0; i < nmpis && p+2 <= pend; i++) {
  + mpil = pgpMpiLen(p);
  + if (mpil < 0)
  + goto exit;
  + if (p+mpil > pend)
  + goto exit;
  + if (pgpImplMpiItem(lbl[i], dig, mpix+i, p, p+mpil))
  + goto exit;
  + p += mpil;
  + }
  +
  + if (p != pend || i != nmpis)
  + goto exit;
  +#endif
  + rc = 0;
  +}
   
  +exit:
   HKPDEBUG((stderr, "<-- %s(%p,%p,%d,%u) rc %d\n", __FUNCTION__, hkp, dig, 
keyx, pubkey_algo, rc));
   
   return rc;
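Review bot: The ECDSA branch sets `i = 2` while `nmpis` is 1 for that algorithm, so the closing test `if (p != pend || i != nmpis)` always takes `goto exit` and, as written, an ECDSA public key can never load with `rc == 0`. The same branch reads `p[0]` before checking `p < pend`, and calls `pgpMpiLen(p)` without the `p+2 <= pend` guard that the generic MPI loop has, so a packet that ends right after the fixed header or the OID is read past its end. Comparing lengths against `pend - p` instead of forming `p+mpil` also avoids computing a pointer beyond the packet. The fence below shows the branch with those checks and `i = nmpis`. The function starts outside the hunk.

```c
	/* XXX ECDSA OID parameter is stored differently than MPI's */
	if (pubkey_algo == PGPPUBKEYALGO_ECDSA) {
	    /* the OID length byte must itself lie inside the packet */
	    if (p >= pend || (pend - p) < 1 + (int)p[0])
		goto exit;
	    if (pgpImplMpiItem(lbl[0], dig, mpix+0, p+1, p+1+p[0]))
		goto exit;
	    p += p[0] + 1;
	    /* same 2-byte guard as the generic MPI loop */
	    if ((pend - p) < 2)
		goto exit;
	    mpil = pgpMpiLen(p);
	    if (mpil < 0 || mpil > (pend - p))
		goto exit;
	    /* … unchanged: pgpImplMpiItem(lbl[1], …) and p += mpil … */
	    i = nmpis;
	} else
```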
  @@ -463,11 +532,16 @@
   {
   pgpDigParams sigp = 

[CVS] RPM: rpm-5_4: rpm/rpmio/ mongoc.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:02:27
  Branch: rpm-5_4  Handle: 2016040404022700

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   mongoc.c

  Log:
- sanity.

  Summary:
RevisionChanges Path
1.1.2.11+1  -1  rpm/rpmio/mongoc.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/mongoc.c
  
  $ cvs diff -u -r1.1.2.10 -r1.1.2.11 mongoc.c
  --- rpm/rpmio/mongoc.c29 Mar 2016 16:40:31 -  1.1.2.10
  +++ rpm/rpmio/mongoc.c4 Apr 2016 04:02:27 -   1.1.2.11
  @@ -13633,7 +13633,7 @@
 }
  }
   
  -   BSON_ASSERT (file->length = target_length);
  +   BSON_ASSERT ((file->length = target_length) > 0);
  file->is_dirty = true;
   
  RETURN (diff);
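Review bot: The assignment `file->length = target_length` is still made inside `BSON_ASSERT`, so the state update depends on the assertion macro evaluating its argument, and the added `> 0` now aborts the process whenever the target length is zero. Make the assignment a plain statement, `file->length = target_length;`, and if a zero length is really invalid at this point, report it through the function's return value rather than an assertion. The enclosing function starts outside the hunk, so whether zero is a legal length here cannot be confirmed from these lines.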
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmltc.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 05:59:53
  Branch: rpm-5_4  Handle: 2016040403595300

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   rpmltc.c

  Log:
- ltc: ensure that rpmltcMpiItem returns a useful error code.
- ltc: turn verification asserts into a return code.

  Summary:
RevisionChanges Path
1.2.4.15+14 -5  rpm/rpmio/rpmltc.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmltc.c
  
  $ cvs diff -u -r1.2.4.14 -r1.2.4.15 rpmltc.c
  --- rpm/rpmio/rpmltc.c17 Mar 2016 21:44:14 -  1.2.4.14
  +++ rpm/rpmio/rpmltc.c4 Apr 2016 03:59:53 -   1.2.4.15
  @@ -397,12 +397,18 @@
   /* XXX  is where valid is returned: return code ususally CRYPT_OK */
   switch (pubp->pubkey_algo) {
   default:
  -assert(0);
  + goto exit;
break;
   case PGPPUBKEYALGO_RSA:
  -assert(ltc->hashIdx >= 0);
  + if (ltc->hashIdx < 0
  +  || !ltc->c || mp_unsigned_bin_size(ltc->c) >= (int)sizeof(sig))
  + goto exit;
siglen = ltc->nbits/8;
  + if (siglen > sizeof(sig))
  + goto exit;
nz = siglen - mp_unsigned_bin_size(ltc->c);
  + if (nz > sizeof(sig))
  + nz = 0;
if (nz) /* XXX resurrect leading zero bytes. */
memset(sig, 0, nz);
xx = mp_to_unsigned_bin(ltc->c, sig+nz);
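Review bot: Resetting `nz` to 0 when the subtraction goes out of range hides the case where the signature integer is longer than `siglen`. `mp_to_unsigned_bin` then writes more than `siglen` bytes into `sig` (still below `sizeof(sig)` because of the first test), and the verify call is handed a truncated value. Reject that input explicitly instead, e.g. `if ((size_t)mp_unsigned_bin_size(ltc->c) > siglen) goto exit;`, and drop the `nz > sizeof(sig)` fix-up. The new `goto exit` paths assume `rc` holds a failure value at that label, which is initialised outside the hunk.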
  @@ -412,8 +418,8 @@
_padding, ltc->hashIdx, saltlen, , >rsa));
break;
   case PGPPUBKEYALGO_DSA:
  -assert(ltc->r && ltc->s);
  -assert(ltc->qbits);
  + if (!(ltc->r && ltc->s && ltc->qbits))
  + goto exit;
/* XXX Truncate to qbits (if necessary) */
dlen = (ltc->digestlen > ltc->qbits/8 ? ltc->qbits/8 : ltc->digestlen);
xx = rpmltcErr(ltc, "dsa_verify_hash_raw",
  @@ -426,7 +432,8 @@
   #endif
break;
   case PGPPUBKEYALGO_ECDSA:
  -assert(ltc->r && ltc->s);
  + if (!(ltc->r && ltc->s && ltc->qbits))
  + goto exit;
xx = der_encode_sequence_multi(sig, ,
LTC_ASN1_INTEGER, 1UL, ltc->r,
LTC_ASN1_INTEGER, 1UL, ltc->s,
  @@ -437,6 +444,7 @@
break;
   }
   
  +exit:
   SPEW(!rc, rc, dig);
   return rc;
   }
  @@ -699,6 +707,7 @@
nb = pgpMpiLen(p);
rc = ecc_ansi_x963_import(p+2, nb-2, >ecdsa);
   assert(rc == CRYPT_OK);
  + rc = 0;
break;
   }
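Review bot: The `assert(rc == CRYPT_OK)` on the result of `ecc_ansi_x963_import` is kept, and the new `rc = 0;` follows it unconditionally. A malformed ECDSA point therefore still aborts the process in a debug build, and in a build with `NDEBUG` the import failure is overwritten and reported as success. Turn it into a return code like the other cases in this commit: `rc = (rc == CRYPT_OK) ? 0 : 1;`. `nb-2` is also passed without checking that `pgpMpiLen(p)` returned at least 2. The enclosing switch starts outside the hunk.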
   
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ tgit.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 05:55:44
  Branch: rpm-5_4  Handle: 2016040403554400

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   tgit.c

  Log:
- sanity.

  Summary:
RevisionChanges Path
1.1.2.48+1  -2  rpm/rpmio/tgit.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/tgit.c
  
  $ cvs diff -u -r1.1.2.47 -r1.1.2.48 tgit.c
  --- rpm/rpmio/tgit.c  27 Feb 2016 19:59:20 -  1.1.2.47
  +++ rpm/rpmio/tgit.c  4 Apr 2016 03:55:44 -   1.1.2.48
  @@ -1883,8 +1883,7 @@
strcpy(spec, "HEAD");
   else
git_oid_tostr(spec, sizeof(spec), _commit);
  -strcat(spec, ":");
  -strcat(spec, path);
  +stpncpy(stpncpy(spec, ":", sizeof(*spec)-1), path, sizeof(*spec)-2);
   
   xx = chkgit(git, "git_revparse_single",
git_revparse_single(, git->R, spec));
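Review bot: The `stpncpy` replacement is not a bounded version of the two `strcat` calls it removes. `sizeof(*spec)` is the size of one `char`, so the first call copies 0 bytes and the second gets `sizeof(*spec)-2`, which wraps to the maximum `size_t`, and `stpncpy` pads its destination up to that length. Both calls also start at `spec`, so the "HEAD" or oid text written just above is overwritten rather than extended. Append with an explicit remaining size and treat truncation as an error: `size_t n = strlen(spec);` then `if ((size_t)snprintf(spec + n, sizeof(spec) - n, ":%s", path) >= sizeof(spec) - n)` fail the lookup. The enclosing function starts outside the hunk.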
  @@ .
__
RPM Package Managerhttp://rpm5.org
CVS Sources Repositoryrpm-cvs@rpm5.org


[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmsyck.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 05:56:00
  Branch: rpm-5_4  Handle: 201604040356

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   rpmsyck.c

  Log:
- sanity.

  Summary:
RevisionChanges Path
2.5.2.3 +4  -3  rpm/rpmio/rpmsyck.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmsyck.c
  
  $ cvs diff -u -r2.5.2.2 -r2.5.2.3 rpmsyck.c
  --- rpm/rpmio/rpmsyck.c   16 Feb 2015 21:23:17 -  2.5.2.2
  +++ rpm/rpmio/rpmsyck.c   4 Apr 2016 03:56:00 -   2.5.2.3
  @@ -45,11 +45,12 @@
   static void rsFini(void * _rpmSyck)
   {
   rpmSyck rs = (rpmSyck) _rpmSyck;
  -if(rs->syms)
  +if (rs->syms) {
syck_st_foreach(rs->syms, (enum st_retval (*)(const char *, const void 
*, void *))rpmSyckFreeNode, 0);
   
  -syck_st_free_table(rs->syms);
  -rs->syms = NULL;
  + syck_st_free_table(rs->syms);
  + rs->syms = NULL;
  +}
   rs->firstNode = NULL;
   }
   
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmct.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 05:48:10
  Branch: rpm-5_4  Handle: 2016040403481000

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   rpmct.c

  Log:
- sanity.

  Summary:
RevisionChanges Path
1.1.2.5 +6  -4  rpm/rpmio/rpmct.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmct.c
  
  $ cvs diff -u -r1.1.2.4 -r1.1.2.5 rpmct.c
  --- rpm/rpmio/rpmct.c 28 Mar 2016 22:00:12 -  1.1.2.4
  +++ rpm/rpmio/rpmct.c 4 Apr 2016 03:48:10 -   1.1.2.5
  @@ -658,10 +658,12 @@
   }
   
   exit:
  -if (ct->t != NULL)
  - Fts_close(ct->t);
  -ct->t = NULL;
  -ct->p = NULL;
  +if (ct != NULL) {
  + if (ct->t != NULL)
  + Fts_close(ct->t);
  + ct->t = NULL;
  + ct->p = NULL;
  +}
   return rval;
   }
   
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ tagname.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:50:34
  Branch: rpm-5_4  Handle: 2016040320503400

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   tagname.c

  Log:
- skip RPMSIGTAG_* <-> RPMTAG_* value collisions.

  Summary:
RevisionChanges Path
1.34.2.13   +8  -10 rpm/rpmdb/tagname.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/tagname.c
  
  $ cvs diff -u -r1.34.2.12 -r1.34.2.13 tagname.c
  --- rpm/rpmdb/tagname.c   27 Feb 2016 21:34:57 -  1.34.2.12
  +++ rpm/rpmdb/tagname.c   3 Apr 2016 20:50:34 -   1.34.2.13
  @@ -512,26 +512,24 @@
* Validate that implicit and explicit types are identical.
* @param he tag container
*/
  -void tagTypeValidate(HE_t he);
  -void tagTypeValidate(HE_t he)
  +void tagTypeValidate(HE_t he, unsigned int flags);
  +void tagTypeValidate(HE_t he, unsigned int flags)
   {
  +/* XXX Skip RPMSIGTAG_* validation. */
  +if (flags & HEADERGET_SIGHEADER)
  + return;
  +
  +#if !defined(SUPPORT_I18NSTRING_TYPE)
   /* XXX Re-map RPM_I18NSTRING_TYPE -> RPM_STRING_TYPE */
   if (he->t == RPM_I18NSTRING_TYPE)
he->t = RPM_STRING_TYPE;
  +#endif
   
   /* XXX Arbitrary tags are always strings. */
   if ((he->tag & 0x4000)
&& (he->t == RPM_STRING_TYPE || he->t == RPM_STRING_ARRAY_TYPE))
return;
   
  -/* XXX Make 0x3fff disappear for now. Signature? */
  -if (he->tag == 0x3fff && he->t == RPM_BIN_TYPE)
  - return;
  -
  -/* XXX hack around known borkage for now. */
  -if (!(he->tag == 62))
  -if (!(he->tag == 261 || he->tag == 269))
  -if (!(he->tag == 1000 || he->tag == 1004 || he->tag == 1007))
   if (!(he->tag == 1029 || he->tag == 1086 || he->tag == 1087))
   if (he->t != (tagType(he->tag) & 0x))
   fprintf(stderr, "==> warning: tag %u type(0x%x) != implicit type(0x%x)\n", 
(unsigned) he->tag, he->t, tagType(he->tag));
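Review bot: The doc comment above `tagTypeValidate` still lists only `@param he` although the function now takes `flags` and returns early on `HEADERGET_SIGHEADER`. Add a line such as `@param flags headerGet flags; HEADERGET_SIGHEADER skips validation` so callers know that signature-header lookups are never type-checked here. The chain of `if (!(he->tag == ...))` exceptions that remains would also read better as one condition with a comment naming the tags. The warning statement continues outside the hunk.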
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ rpmtag.h

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:49:05
  Branch: rpm-5_4  Handle: 2016040320490500

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   rpmtag.h

  Log:
- rpmtag: remove a compiler warning by adding 0x3fff as an rpmTag.

  Summary:
RevisionChanges Path
1.70.4.21   +46 -44 rpm/rpmdb/rpmtag.h
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/rpmtag.h
  
  $ cvs diff -u -r1.70.4.20 -r1.70.4.21 rpmtag.h
  --- rpm/rpmdb/rpmtag.h2 Apr 2016 23:01:12 -   1.70.4.20
  +++ rpm/rpmdb/rpmtag.h3 Apr 2016 20:49:05 -   1.70.4.21
  @@ -488,55 +488,57 @@
   _RPMTAG_SUPPLEMENTNEVRS  = 5060, /* s[] extension */
   _RPMTAG_ENHANCENEVRS = 5061, /* s[] extension */
   RPMTAG_ENCODING  = 5062, /* s */
  -_RPMTAG_FILETRIGGERIN= 5063, /* internal */
  -_RPMTAG_FILETRIGGERUN= 5064, /* internal */
  -_RPMTAG_FILETRIGGERPOSTUN= 5065, /* internal */
  -RPMTAG_FILETRIGGERSCRIPTS= 5066, /* s[] */
  -RPMTAG_FILETRIGGERSCRIPTPROG = 5067, /* s[] */
  -RPMTAG_FILETRIGGERSCRIPTFLAGS= 5068, /* i[] */
  -RPMTAG_FILETRIGGERNAME   = 5069, /* s[] */
  -RPMTAG_FILETRIGGERINDEX  = 5070, /* i[] */
  -RPMTAG_FILETRIGGERVERSION= 5071, /* s[] */
  -RPMTAG_FILETRIGGERFLAGS  = 5072, /* i[] */
  -_RPMTAG_TRANSFILETRIGGERIN   = 5073, /* internal */
  -_RPMTAG_TRANSFILETRIGGERUN   = 5074, /* internal */
  -_RPMTAG_TRANSFILETRIGGERPOSTUN   = 5075, /* internal */
  -RPMTAG_TRANSFILETRIGGERSCRIPTS   = 5076, /* s[] */
  -RPMTAG_TRANSFILETRIGGERSCRIPTPROG= 5077, /* s[] */
  -RPMTAG_TRANSFILETRIGGERSCRIPTFLAGS   = 5078, /* i[] */
  -RPMTAG_TRANSFILETRIGGERNAME  = 5079, /* s[] */
  -RPMTAG_TRANSFILETRIGGERINDEX = 5080, /* i[] */
  -RPMTAG_TRANSFILETRIGGERVERSION   = 5081, /* s[] */
  -RPMTAG_TRANSFILETRIGGERFLAGS = 5082, /* i[] */
  -_RPMTAG_REMOVEPATHPOSTFIXES  = 5083, /* s internal */
  -RPMTAG_FILETRIGGERPRIORITIES = 5084, /* i[] */
  -RPMTAG_TRANSFILETRIGGERPRIORITIES= 5085, /* i[] */
  -_RPMTAG_FILETRIGGERCONDS = 5086, /* s[] extension */
  -_RPMTAG_FILETRIGGERTYPE  = 5087, /* s[] extension */
  -_RPMTAG_TRANSFILETRIGGERCONDS= 5088, /* s[] extension */
  -_RPMTAG_TRANSFILETRIGGERTYPE = 5089, /* s[] extension */
  -RPMTAG_FILESIGNATURES= 5090, /* s[] */
  -RPMTAG_FILESIGNATURELENGTH   = 5091, /* i */
  +_RPMTAG_FILETRIGGERIN= 5063, /* internal */
  +_RPMTAG_FILETRIGGERUN= 5064, /* internal */
  +_RPMTAG_FILETRIGGERPOSTUN= 5065, /* internal */
  +RPMTAG_FILETRIGGERSCRIPTS= 5066, /* s[] */
  +RPMTAG_FILETRIGGERSCRIPTPROG = 5067, /* s[] */
  +RPMTAG_FILETRIGGERSCRIPTFLAGS= 5068, /* i[] */
  +RPMTAG_FILETRIGGERNAME   = 5069, /* s[] */
  +RPMTAG_FILETRIGGERINDEX  = 5070, /* i[] */
  +RPMTAG_FILETRIGGERVERSION= 5071, /* s[] */
  +RPMTAG_FILETRIGGERFLAGS  = 5072, /* i[] */
  +_RPMTAG_TRANSFILETRIGGERIN   = 5073, /* internal */
  +_RPMTAG_TRANSFILETRIGGERUN   = 5074, /* internal */
  +_RPMTAG_TRANSFILETRIGGERPOSTUN   = 5075, /* internal */
  +RPMTAG_TRANSFILETRIGGERSCRIPTS   = 5076, /* s[] */
  +RPMTAG_TRANSFILETRIGGERSCRIPTPROG= 5077, /* s[] */
  +RPMTAG_TRANSFILETRIGGERSCRIPTFLAGS   = 5078, /* i[] */
  +RPMTAG_TRANSFILETRIGGERNAME  = 5079, /* s[] */
  +RPMTAG_TRANSFILETRIGGERINDEX = 5080, /* i[] */
  +RPMTAG_TRANSFILETRIGGERVERSION   = 5081, /* s[] */
  +RPMTAG_TRANSFILETRIGGERFLAGS = 5082, /* i[] */
  +_RPMTAG_REMOVEPATHPOSTFIXES  = 5083, /* s internal */
  +RPMTAG_FILETRIGGERPRIORITIES = 5084, /* i[] */
  +RPMTAG_TRANSFILETRIGGERPRIORITIES= 5085, /* i[] */
  +_RPMTAG_FILETRIGGERCONDS = 5086, /* s[] extension */
  +_RPMTAG_FILETRIGGERTYPE  = 5087, /* s[] extension */
  +_RPMTAG_TRANSFILETRIGGERCONDS= 5088, /* s[] extension */
  +_RPMTAG_TRANSFILETRIGGERTYPE = 5089, /* s[] extension */
  +RPMTAG_FILESIGNATURES= 5090, /* s[] */
  +RPMTAG_FILESIGNATURELENGTH   = 5091, /* i */
   
   /*@-enummemuse@*/
  -RPMTAG_FIRSTFREE_TAG,/*!< internal */
 

[CVS] RPM: rpm-5_4: rpm/lib/ rpmchecksig.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:47:49
  Branch: rpm-5_4  Handle: 2016040320474800

  Modified files:   (Branch: rpm-5_4)
rpm/lib rpmchecksig.c

  Log:
- consistent checks for rpmhkpLoad* error returns.

  Summary:
RevisionChanges Path
1.240.2.17  +3  -3  rpm/lib/rpmchecksig.c
  

  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmchecksig.c
  
  $ cvs diff -u -r1.240.2.16 -r1.240.2.17 rpmchecksig.c
  --- rpm/lib/rpmchecksig.c 3 Apr 2016 20:43:05 -   1.240.2.16
  +++ rpm/lib/rpmchecksig.c 3 Apr 2016 20:47:48 -   1.240.2.17
  @@ -567,7 +567,7 @@
   memcpy(pubp->signid, hkp->keyid, sizeof(pubp->signid)); /* XXX useless */
   
   if (pgpPktLen(hkp->pkt, hkp->pktlen, pp) < 0
  - || rpmhkpLoadKey(hkp, dig, 0, 0))
  + || rpmhkpLoadKey(hkp, dig, 0, 0) < 0)
goto exit;
   
   /* Validate pubkey self-signatures. */
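Review bot: Narrowing the test to `rpmhkpLoadKey(hkp, dig, 0, 0) < 0` lets a positive non-zero return fall through to the self-signature validation as if the key had loaded; the previous form rejected every non-zero value. The same narrowing is applied to `rpmhkpLoadSignature(NULL, dig, pp) < 0` in the hunks at 1153 and 1208, both on the signature-checking path. The return convention of the rpmhkpLoad* functions is not visible in this diff, so confirm that they never report failure with a positive value. Once confirmed, a comment at the call site such as `/* rpmhkpLoadKey() reports errors as < 0; any other value is treated as loaded */` would record what the check assumes. The enclosing functions start and end outside the hunks.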
  @@ -1153,7 +1153,7 @@
he->tag = she->tag;
if (!headerGet(sigh, he, 0) 
 || pgpPktLen(he->p.ui8p, he->c, pp) < 0
  -  || rpmhkpLoadSignature(NULL, dig, pp))
  +  || rpmhkpLoadSignature(NULL, dig, pp) < 0)
{
he->p.ptr = _free(he->p.ptr);
goto exit;
  @@ -1208,7 +1208,7 @@
 continue;
   
if (pgpPktLen(she->p.ui8p, she->c, pp) < 0
  -  || rpmhkpLoadSignature(NULL, dig, pp)
  +  || rpmhkpLoadSignature(NULL, dig, pp) < 0
 || (sigp->version != 3 && sigp->version != 4))
{
rpmlog(RPMLOG_ERR,
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ hdrNVR.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:44:37
  Branch: rpm-5_4  Handle: 2016040320443700

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   hdrNVR.c

  Log:
- headerNext: check headerPut return code.

  Summary:
RevisionChanges Path
1.46.6.5+6  -1  rpm/rpmdb/hdrNVR.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/hdrNVR.c
  
  $ cvs diff -u -r1.46.6.4 -r1.46.6.5 hdrNVR.c
  --- rpm/rpmdb/hdrNVR.c2 Apr 2016 23:01:12 -   1.46.6.4
  +++ rpm/rpmdb/hdrNVR.c3 Apr 2016 20:44:37 -   1.46.6.5
  @@ -304,7 +304,12 @@
/*@notreached@*/ /*@switchbreak@*/ break;
}
xx = headerPut(h, he, 0);
  -assert(xx == 1);
  + if (xx != 1) {
  + rpmlog(RPMLOG_ERROR,
  + _("%s: headerPut failed(%d): tag(%u) t(%u) data %p[%u]\n"),
  + __FUNCTION__, xx, he->tag, he->t, he->p.ptr, he->c);
  +
  + }
}
   }
   hi = headerFini(hi);
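Review bot: A failed headerPut() is now only logged: the `if (xx != 1)` body has no break, continue or status update, so the loop carries on and the header is built without the tag that failed. If callers should see the failure, record it in that branch in the function's result (declared outside the hunk) rather than relying on the log line. The level is spelled `RPMLOG_ERROR` here, while the rpmlog() calls in rpmchecksig.c on this page use `RPMLOG_ERR`; check that the constant exists. The function starts and ends outside the hunk.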
  @@ .


[CVS] RPM: rpm-5_4: rpm/lib/ rpmchecksig.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:43:05
  Branch: rpm-5_4  Handle: 2016040320430500

  Modified files:   (Branch: rpm-5_4)
rpm/lib rpmchecksig.c

  Log:
- check pgpPktLen and rpmhkpLoad* return codes.

  Summary:
RevisionChanges Path
1.240.2.16  +21 -14 rpm/lib/rpmchecksig.c
  

  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmchecksig.c
  
  $ cvs diff -u -r1.240.2.15 -r1.240.2.16 rpmchecksig.c
  --- rpm/lib/rpmchecksig.c 19 Feb 2015 22:05:53 -  1.240.2.15
  +++ rpm/lib/rpmchecksig.c 3 Apr 2016 20:43:05 -   1.240.2.16
  @@ -161,18 +161,18 @@
/*@modifies *signid, fileSystem, internalState @*/
   {
   HE_t he = (HE_t) memset(alloca(sizeof(*he)), 0, sizeof(*he));
  -int rc = 1;
  +int rc = 1;  /* assume failure */
   int xx;
   
   he->tag = (rpmTag) sigtag;
   xx = headerGet(sigh, he, 0);
   if (xx && he->p.ptr != NULL) {
pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_UNKNOWN);
  -
/* XXX expose ppSignid() from rpmhkp.c? */
pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
  - (void) pgpPktLen(he->p.ui8p, he->c, pp);
  - if (!rpmhkpLoadSignature(NULL, dig, pp)) {
  + if (pgpPktLen(he->p.ui8p, he->c, pp) > 0
  +  && !rpmhkpLoadSignature(NULL, dig, pp))
  + {
memcpy(signid, dig->signature.signid, 
sizeof(dig->signature.signid));
rc = 0;
}
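Review bot: The new guard accepts the packet only when `pgpPktLen(he->p.ui8p, he->c, pp) > 0`, while the other call sites changed in this commit reject only `< 0`, so a return of 0 counts as failure here and as success there. Whether pgpPktLen() can return 0 is not visible in the diff. Using the stricter failure test `pgpPktLen(...) <= 0` at the other sites would make them agree with this one. The function body continues past the hunk, so the release of `dig` and `he->p.ptr` on the new skip path cannot be checked from here.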
  @@ -566,9 +566,9 @@
(void) pgpPubkeyFingerprint(hkp->pkt, hkp->pktlen, hkp->keyid);
   memcpy(pubp->signid, hkp->keyid, sizeof(pubp->signid)); /* XXX useless */
   
  -xx = pgpPktLen(hkp->pkt, hkp->pktlen, pp);
  -
  -xx = rpmhkpLoadKey(hkp, dig, 0, 0);
  +if (pgpPktLen(hkp->pkt, hkp->pktlen, pp) < 0
  + || rpmhkpLoadKey(hkp, dig, 0, 0))
  + goto exit;
   
   /* Validate pubkey self-signatures. */
   if (validate) {
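Review bot: The new `goto exit` leaves before the self-signature validation runs, and the value returned from the `exit` label is set outside the hunk. Confirm that the result variable already holds a failure value at this point. If it does not, set it in the branch so that a key failing pgpPktLen() or rpmhkpLoadKey() cannot be reported as loaded. The same applies to the `goto exit` added in the hunks at 592 and 1149. A comment at the jump such as `/* result is still the failure value here */` would record the assumption.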
  @@ -592,8 +592,10 @@
   /* XXX hack up a user id (if not already present) */
   if (pubp->userid == NULL) {
if (hkp->uidx >= 0 && hkp->uidx < hkp->npkts) {
  - size_t nb = pgpPktLen(hkp->pkts[hkp->uidx], hkp->pktlen, pp);
  + size_t nb;
char * t;
  + if (pgpPktLen(hkp->pkts[hkp->uidx], hkp->pktlen, pp) < 0)
  + goto exit;
nb = pp->hlen;
t = (char *) memcpy(xmalloc(nb + 1), pp->u.u->userid, nb);
t[nb] = '\0';
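Review bot: pgpPktLen() is given `hkp->pktlen` as the length of the packet at `hkp->pkts[hkp->uidx]`. That looks like the size of the whole buffer rather than the bytes remaining from that packet's start, so the length check inside pgpPktLen() may be measured against too large a bound. If `hkp->pkt` is the base of that buffer, as the call in the hunk at 566 suggests, pass the remainder instead: `hkp->pktlen - (size_t)(hkp->pkts[hkp->uidx] - hkp->pkt)`. The copy that follows takes `pp->hlen` bytes from `pp->u.u->userid` and relies on that check having bounded the packet.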
  @@ -1149,9 +1151,13 @@
case RPMSIGTAG_RSA:
case RPMSIGTAG_ECDSA:
he->tag = she->tag;
  - xx = headerGet(sigh, he, 0);
  - xx = pgpPktLen(he->p.ui8p, he->c, pp);
  - xx = rpmhkpLoadSignature(NULL, dig, pp);
  + if (!headerGet(sigh, he, 0) 
  +  || pgpPktLen(he->p.ui8p, he->c, pp) < 0
  +  || rpmhkpLoadSignature(NULL, dig, pp))
  + {
  + he->p.ptr = _free(he->p.ptr);
  + goto exit;
  + }
he->p.ptr = _free(he->p.ptr);
break;
}
  @@ -1201,9 +1207,10 @@
if (nosignatures)
 continue;
   
  - xx = pgpPktLen(she->p.ui8p, she->c, pp);
  - xx = rpmhkpLoadSignature(NULL, dig, pp);
  - if (sigp->version != 3 && sigp->version != 4) {
  + if (pgpPktLen(she->p.ui8p, she->c, pp) < 0
  +  || rpmhkpLoadSignature(NULL, dig, pp)
  +  || (sigp->version != 3 && sigp->version != 4))
  + {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, sigp->version);
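Review bot: The combined condition now reaches the "unverifiable V%u signature" message when pgpPktLen() or rpmhkpLoadSignature() fails, not only when the version is unsupported. In that case `sigp->version` may not have been filled in for this package, so the log can name a version that was never parsed. Either report the load failure with its own message, or add a comment above the rpmlog() call such as `/* sigp->version may be stale when the packet failed to load */`. The enclosing block continues outside the hunk.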
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ yajl.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:41:35
  Branch: rpm-5_4  Handle: 2016040320413500

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   yajl.c

  Log:
- yajl: add a break statement.

  Summary:
RevisionChanges Path
1.1.2.4 +1  -0  rpm/rpmio/yajl.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/yajl.c
  
  $ cvs diff -u -r1.1.2.3 -r1.1.2.4 yajl.c
  --- rpm/rpmio/yajl.c  28 Mar 2016 21:49:41 -  1.1.2.3
  +++ rpm/rpmio/yajl.c  3 Apr 2016 20:41:35 -   1.1.2.4
  @@ -1958,6 +1958,7 @@
   }
   yajl_bs_set(hand->stateStack, yajl_state_map_sep);
   goto around_again;
  + break;
   case yajl_tok_right_bracket:
   if (yajl_bs_current(hand->stateStack) ==
   yajl_state_map_start)
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmpgp.h

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:40:19
  Branch: rpm-5_4  Handle: 2016040320401900

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   rpmpgp.h

  Log:
- rpmpgp: check for buffer overflows more carefully.

  Summary:
RevisionChanges Path
2.108.2.17  +11 -5  rpm/rpmio/rpmpgp.h
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmpgp.h
  
  $ cvs diff -u -r2.108.2.16 -r2.108.2.17 rpmpgp.h
  --- rpm/rpmio/rpmpgp.h24 Feb 2015 20:24:09 -  2.108.2.16
  +++ rpm/rpmio/rpmpgp.h3 Apr 2016 20:40:19 -   2.108.2.17
  @@ -1126,9 +1126,11 @@
   char * pgpHexStr(const rpmuint8_t * p, size_t plen)
/*@*/
   {
  -static char prbuf[8*BUFSIZ]; /* XXX ick */
  +static char prbuf[BUFSIZ];   /* XXX ick */
  +static size_t nb = sizeof(prbuf) - 32;
   char *t = prbuf;
  -t = pgpHexCvt(t, p, plen);
  +unsigned ui = (plen <= nb) ? plen : nb;
  +t = pgpHexCvt(t, p, ui);
   return prbuf;
   }
   
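Review bot: The clamp `ui = (plen <= nb) ? plen : nb` limits the number of input bytes, but a hex conversion writes two characters per byte. With `nb = sizeof(prbuf) - 32`, pgpHexCvt() can therefore still write close to twice the size of `prbuf`, which this commit also shrinks from 8*BUFSIZ to BUFSIZ. This assumes pgpHexCvt() emits two characters per input byte plus a terminator; its body is not in the diff. Size the limit in output characters instead: `static size_t nb = (sizeof(prbuf) - 32) / 2;`. The function in the hunk at 1143 uses the same limit for `pgpHexCvt(t, p+2, ui-2)` and needs the same change; truncation is silent in both.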
  @@ -1143,11 +1145,15 @@
/*@requires maxRead(p) >= 3 @*/
/*@*/
   {
  -static char prbuf[8*BUFSIZ]; /* XXX ick */
  +static char prbuf[BUFSIZ];   /* XXX ick */
  +static size_t nb = sizeof(prbuf) - 32;
   char *t = prbuf;
  -sprintf(t, "[%4u]: ", pgpGrab(p, 2));
  +unsigned ui = pgpGrab(p, 2);
  +sprintf(t, "[%4u]: ", ui);
   t += strlen(t);
  -t = pgpHexCvt(t, p+2, pgpMpiLen(p)-2);
  +if ((ui = pgpMpiLen(p)) > nb)
  + ui = nb;
  +t = pgpHexCvt(t, p+2, ui-2);
   return prbuf;
   }
   
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmpgp.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:39:32
  Branch: rpm-5_4  Handle: 2016040320393200

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   rpmpgp.c

  Log:
- pgpPktLen: check return code.

  Summary:
RevisionChanges Path
2.127.2.17  +4  -2  rpm/rpmio/rpmpgp.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmpgp.c
  
  $ cvs diff -u -r2.127.2.16 -r2.127.2.17 rpmpgp.c
  --- rpm/rpmio/rpmpgp.c24 Feb 2015 20:24:09 -  2.127.2.16
  +++ rpm/rpmio/rpmpgp.c3 Apr 2016 20:39:32 -   2.127.2.17
  @@ -453,6 +453,7 @@
   int xx;
   int i;
   
  +assert(p);
   for (i = 0; p < pend; i++, p += pgpMpiLen(p)) {
if (pubkey_algo == PGPPUBKEYALGO_RSA) {
if (i >= 1) break;
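Review bot: `assert(p)` is the only guard added before the loop, and it is not a runtime check: it is compiled out when the file is built with NDEBUG and otherwise aborts the process. If `p` can be NULL for a malformed or truncated packet (where it is set is outside the hunk), test it with `if (p == NULL)` and take an early error return using the function's own failure value. That matches the direction of the other commits in this series, which replace asserts with checked returns. The function starts and ends outside the hunk.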
  @@ -515,7 +516,8 @@
if (_pgp_print)
fprintf(stderr, "%7d", i);
}
  - pgpPrtStr("", pgpMpiStr(p));
  + if (p)
  + pgpPrtStr("", pgpMpiStr(p));
pgpPrtNL();
   }
   
  @@ -1031,7 +1033,7 @@
   pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
   int rc = pgpPktLen(pkt, pktlen, pp);
   
  -if (!(pp->tag == PGPTAG_PUBLIC_KEY || pp->tag == PGPTAG_PUBLIC_SUBKEY))
  +if (rc < 0 || !(pp->tag == PGPTAG_PUBLIC_KEY || pp->tag == 
PGPTAG_PUBLIC_SUBKEY))
return -1;
   
   /* Choose the correct keyid. */
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmodbc.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   03-Apr-2016 22:37:38
  Branch: rpm-5_4  Handle: 2016040320373800

  Modified files:   (Branch: rpm-5_4)
rpm/rpmio   rpmodbc.c

  Log:
- typo.

  Summary:
RevisionChanges Path
1.1.2.19+1  -1  rpm/rpmio/rpmodbc.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmodbc.c
  
  $ cvs diff -u -r1.1.2.18 -r1.1.2.19 rpmodbc.c
  --- rpm/rpmio/rpmodbc.c   11 May 2015 21:10:19 -  1.1.2.18
  +++ rpm/rpmio/rpmodbc.c   3 Apr 2016 20:37:38 -   1.1.2.19
  @@ -1263,7 +1263,7 @@
urlinfo u = NULL;
   
xx = urlSplit(fn, );
  -assert(ut == URL_IS_MYSQL || ut == URL_IS_POSTGRES || URL_IS_SQLSERVER);
  +assert(ut == URL_IS_MYSQL || ut == URL_IS_POSTGRES || ut == 
URL_IS_SQLSERVER);
odbc->db = rpmExpand(u->scheme, "_", basename((char *)dbpath), NULL);
odbc->u = urlLink(u, __FUNCTION__);
   }
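Review bot: With the comparison fixed, the `assert` is still the only validation of `ut`, and it is compiled out under NDEBUG, after which an unsupported URL type continues into the rpmExpand() call. The value of `xx` returned by urlSplit() is also not examined before `u->scheme` is read, although `u` starts as NULL. An explicit test such as `if (xx != 0 || u == NULL)` that leaves through the function's error path would make both failures fail closed. The function starts and ends outside the hunk.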
  @@ .