[CVS] RPM: rpm-5_4: rpm/rpmdb/ header_internal.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:28:56 Branch: rpm-5_4 Handle: 2016040404285600 Modified files: (Branch: rpm-5_4) rpm/rpmdb header_internal.c Log: - header: remove the damaged tags assert failure. Summary: RevisionChanges Path 1.20.2.2+8 -2 rpm/rpmdb/header_internal.c patch -p0 <<'@@ .' Index: rpm/rpmdb/header_internal.c $ cvs diff -u -r1.20.2.1 -r1.20.2.2 header_internal.c --- rpm/rpmdb/header_internal.c 16 Apr 2012 23:43:34 - 1.20.2.1 +++ rpm/rpmdb/header_internal.c 4 Apr 2016 04:28:56 - 1.20.2.2 @@ -44,15 +44,21 @@ for (i = 0; i < il; i++) { info->tag = (rpmTag) ntohl(pe[i].tag); info->type = (rpmTagType) ntohl(pe[i].type); + info->offset = (rpmint32_t) ntohl(pe[i].offset); + info->count = (rpmuint32_t) ntohl(pe[i].count); +#if 0 +fprintf(stderr, "\ttag %d type %d offset 0x%x count %d\n", info->tag, info->type, info->offset, info->count); +#endif + /* XXX Convert RPMTAG_FILESTATE to RPM_UINT8_TYPE. */ if (info->tag == 1029 && info->type == 1) { info->type = RPM_UINT8_TYPE; } - info->offset = (rpmint32_t) ntohl(pe[i].offset); +#ifdef DYING assert(negate || info->offset >= 0); /* XXX insurance */ +#endif if (negate) info->offset = -info->offset; - info->count = (rpmuint32_t) ntohl(pe[i].count); if (hdrchkType(info->type)) return (int)i; @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmdb/ package.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:25:57 Branch: rpm-5_4 Handle: 2016040404255700 Modified files: (Branch: rpm-5_4) rpm/rpmdb package.c Log: - improved error checking. Summary: RevisionChanges Path 1.2.2.11+30 -5 rpm/rpmdb/package.c patch -p0 <<'@@ .' Index: rpm/rpmdb/package.c $ cvs diff -u -r1.2.2.10 -r1.2.2.11 package.c --- rpm/rpmdb/package.c 2 Apr 2016 23:01:12 - 1.2.2.10 +++ rpm/rpmdb/package.c 4 Apr 2016 04:25:57 - 1.2.2.11 @@ -87,6 +87,7 @@ rpmop op = NULL; unsigned char * hmagic = NULL; size_t nmagic = 0; +int rc = RPMRC_FAIL; /* assume failure */ int xx; he->tag = RPMTAG_HEADERIMMUTABLE; @@ -105,10 +106,11 @@ dig->nbytes += he->c; (void) rpmswExit(op, dig->nbytes); op->count--; /* XXX one too many */ +rc = RPMRC_OK; exit: he->p.ptr = _free(he->p.ptr); -return xx; +return rc; } /*@-mods@*/ @@ -290,8 +292,16 @@ case RPMSIGTAG_ECDSA: /* Parse the parameters from the OpenPGP packets that will be needed. */ xx = pgpPktLen(she->p.ui8p, she->c, pp); + if (xx < 0) { + rpmlog(RPMLOG_ERR, + _("skipping package %s with malformed signature packet(0x%x)\n"), + fn, she->p.ui8p[0]); + goto exit; + } xx = rpmhkpLoadSignature(NULL, dig, pp); - if (dig->signature.version != 3 && dig->signature.version != 4) { + if (xx < 0 + || (dig->signature.version != 3 && dig->signature.version != 4)) + { rpmlog(RPMLOG_ERR, _("skipping package %s with unverifiable V%u signature\n"), fn, dig->signature.version); @@ -300,7 +310,10 @@ } switch (dig->signature.pubkey_algo) { default: -assert(0); + rpmlog(RPMLOG_ERR, + _("skipping package %s with unknown signature algorithm(%u)\n"), + fn, dig->signature.pubkey_algo); + goto exit; break; case PGPPUBKEYALGO_RSA: dig->sigtag = RPMSIGTAG_RSA; @@ -315,11 +328,23 @@ ctxp = >hecdsa; break; } - xx = hBlobDigest(h, dig, dig->signature.hash_algo, ctxp); + rc = hBlobDigest(h, dig, dig->signature.hash_algo, ctxp); + if (rc != RPMRC_OK || *ctxp == NULL) { + rpmlog(RPMLOG_ERR, + _("skipping package %s cannot calculate header blob digest\n"), + fn); + goto exit; + } break; case RPMSIGTAG_SHA1: /* XXX dig->hsha? */ - xx = hBlobDigest(h, dig, PGPHASHALGO_SHA1, >hdsa); + rc = hBlobDigest(h, dig, PGPHASHALGO_SHA1, >hdsa); + if (rc != RPMRC_OK || dig->hdsa == NULL) { + rpmlog(RPMLOG_ERR, + _("skipping package %s cannot calculate header blob SHA1\n"), + fn); + goto exit; + } break; case RPMSIGTAG_MD5: /* Legacy signatures need the compressed payload in the digest too. */ @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmdb/ signature.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:24:23 Branch: rpm-5_4 Handle: 2016040404242200 Modified files: (Branch: rpm-5_4) rpm/rpmdb signature.c Log: - rewrite last usage of pgpPritPkts() in main rpm code. Summary: RevisionChanges Path 1.68.2.15 +23 -1 rpm/rpmdb/signature.c patch -p0 <<'@@ .' Index: rpm/rpmdb/signature.c $ cvs diff -u -r1.68.2.14 -r1.68.2.15 signature.c --- rpm/rpmdb/signature.c 2 Apr 2016 23:01:12 - 1.68.2.14 +++ rpm/rpmdb/signature.c 4 Apr 2016 04:24:22 - 1.68.2.15 @@ -257,9 +257,31 @@ /* Parse the signature, change signature tag as appropriate. */ dig = pgpDigNew(RPMVSF_DEFAULT, (pgpPubkeyAlgo)0); +sigp = pgpGetSignature(dig); +#ifdef DYING (void) pgpPrtPkts(*pktp, *pktlenp, dig, 0); -sigp = pgpGetSignature(dig); +#else +{void * sig = *pktp; + size_t siglen = *pktlenp; + size_t pleft = siglen; + pgpPkt pp = (pgpPkt) alloca(sizeof(*pp)); + + if (pgpPktLen((const rpmuint8_t *)sig, pleft, pp) < 0) { + *pktp = _free(*pktp); + rpmlog(RPMLOG_ERR, _("malformed signature packet\n")); + return 1; + } + if (rpmhkpLoadSignature(NULL, dig, pp) < 0 + || (sigp->version != 3 && sigp->version != 4)) + { + *pktp = _free(*pktp); + rpmlog(RPMLOG_ERR, _("cannot load V%u signature\n"), + (unsigned) sigp->version); + return 1; + } +} +#endif /* Identify the type of signature being returned. */ /* XXX FIXME: RPMSIGTAG{DSA,RSA,ECDSA} are interchangeable. */ @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmdb/ rpmns.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:23:22 Branch: rpm-5_4 Handle: 2016040404232200 Modified files: (Branch: rpm-5_4) rpm/rpmdb rpmns.c Log: - rpmns: check pgpPktLen() validity. Summary: RevisionChanges Path 1.15.2.8+1 -3 rpm/rpmdb/rpmns.c patch -p0 <<'@@ .' Index: rpm/rpmdb/rpmns.c $ cvs diff -u -r1.15.2.7 -r1.15.2.8 rpmns.c --- rpm/rpmdb/rpmns.c 19 Jul 2014 23:33:24 - 1.15.2.7 +++ rpm/rpmdb/rpmns.c 4 Apr 2016 04:23:22 - 1.15.2.8 @@ -367,6 +367,7 @@ pleft = sigpktlen; xx = pgpPktLen(sigpkt, pleft, pp); +if (xx < 0) goto exit; xx = rpmhkpLoadSignature(NULL, dig, pp); if (xx) goto exit; @@ -412,9 +413,6 @@ /* XXX TODO: only validate once, then cache using rpmku */ /* XXX need at least 3 packets to validate a pubkey */ if (validate && hkp->npkts >= 3) { -#ifdef DYING -pgpPrtPkts(hkp->pkt, hkp->pktlen, NULL, 1); -#endif xx = rpmhkpValidate(hkp, NULL); switch (xx) { case RPMRC_OK: @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmdb/ pkgio.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:21:40 Branch: rpm-5_4 Handle: 2016040404214000 Modified files: (Branch: rpm-5_4) rpm/rpmdb pkgio.c Log: - pkgio: fix: can't retrofit a trailer tag fix with PROT_READ in place. - pkgio: improved santy checks for {il,dl} based on file size. Summary: RevisionChanges Path 1.121.2.18 +82 -22 rpm/rpmdb/pkgio.c patch -p0 <<'@@ .' Index: rpm/rpmdb/pkgio.c $ cvs diff -u -r1.121.2.17 -r1.121.2.18 pkgio.c --- rpm/rpmdb/pkgio.c 2 Apr 2016 23:01:12 - 1.121.2.17 +++ rpm/rpmdb/pkgio.c 4 Apr 2016 04:21:40 - 1.121.2.18 @@ -706,16 +706,20 @@ * @param siglen signature header size * @param padsignature padding * @param datalenlength of header+payload + * @retval *st stat(2) of input file * @return rpmRC return code */ -static inline rpmRC printSize(FD_t fd, size_t siglen, size_t pad, size_t datalen) +static inline rpmRC printSize(FD_t fd, size_t siglen, size_t pad, + size_t datalen, struct stat *st) /*@globals fileSystem, internalState @*/ /*@modifies fileSystem, internalState @*/ { -struct stat sb, * st = size_t expected; size_t nl = rpmpkgSizeof("Lead", NULL); +if (st == NULL) + st = memset(alloca(sizeof(*st)), 0, sizeof(*st)); + #ifndef DYING /* XXX Fstat(2) contentLength not gud enuf yet. */ int fdno = Fileno(fd); /* HACK: workaround for davRead wiring. */ @@ -775,6 +779,7 @@ rpmRC rc = RPMRC_FAIL; /* assume failure */ int xx; rpmuint32_t i; +struct stat sb, *st = static int map = 1; if (_pkgio_debug) @@ -794,6 +799,13 @@ goto exit; } } + +if (Fstat(fd, st) < 0) { + (void) snprintf(buf, sizeof(buf), + _("sigh stat: BAD, Fstat(2) failed")); + goto exit; +} + startoff = fd->stats->ops[FDSTAT_READ].bytes; if ((xx = (int) timedRead(fd, (char *)block, sizeof(block))) != (int) sizeof(block)) { (void) snprintf(buf, sizeof(buf), @@ -814,22 +826,28 @@ goto exit; } } +/* XXX arbitrary limit check doesn't help much */ il = (rpmuint32_t) ntohl(block[2]); -if (il > 32) { +if (il > (st->st_size - startoff - sizeof(block)) || il > 32) { (void) snprintf(buf, sizeof(buf), _("sigh tags: BAD, no. of tags(%u) out of range"), (unsigned) il); goto exit; } +/* XXX arbitrary limit check doesn't help much */ dl = (rpmuint32_t) ntohl(block[3]); -if (dl > 8192) { +if (dl > (st->st_size - startoff - sizeof(block)) || dl > 8192) { (void) snprintf(buf, sizeof(buf), _("sigh data: BAD, no. of bytes(%u) out of range"), (unsigned) dl); goto exit; } -/*@-sizeoftype@*/ nb = (il * sizeof(struct entryInfo_s)) + dl; -/*@=sizeoftype@*/ +if (nb > (st->st_size - startoff - sizeof(block))) { + (void) snprintf(buf, sizeof(buf), + _("hdr blob: BAD, header size (%u) larger than file size"), + (unsigned) nb); + goto exit; +} if (map) { size_t pvlen = (sizeof(il) + sizeof(dl) + nb); static const int prot = PROT_READ | PROT_WRITE; @@ -844,7 +862,8 @@ "==> mmap(%p[%u], 0x%x, 0x%x, %d, 0x%x) error(%d): %s\n", NULL, (unsigned)pvlen, prot, flags, fdno, (unsigned)off, errno, strerror(errno)); -} else { +} else +{ size_t pvlen = (sizeof(il) + sizeof(dl) + nb); ei = (rpmuint32_t *) xmalloc(pvlen); } @@ -915,7 +934,9 @@ if (info->tag == (rpmuint32_t) htonl(RPMTAG_HEADERIMAGE)) { rpmuint32_t stag = (rpmuint32_t) htonl(RPMTAG_HEADERSIGNATURES); info->tag = (rpmTag) stag; +#ifdef DYING /* XXX can't retrofit with PROT_READ */ memcpy(dataEnd, , sizeof(stag)); +#endif } dataEnd += REGION_TAG_COUNT; @@ -986,7 +1007,7 @@ xx = headerGet(sigh, he, HEADERGET_SIGHEADER); if (xx) { size_t datasize = he->p.ui32p[0]; - rc = printSize(fd, sigSize, pad, datasize); + rc = printSize(fd, sigSize, pad, datasize, st); if (rc != RPMRC_OK)
[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:16:29 Branch: rpm-5_4 Handle: 2016040404162900 Modified files: (Branch: rpm-5_4) rpm/rpmdb header.c Log: - header: remove the damaged tags assert failure. Summary: RevisionChanges Path 1.198.2.19 +221 -24rpm/rpmdb/header.c patch -p0 <<'@@ .' Index: rpm/rpmdb/header.c $ cvs diff -u -r1.198.2.18 -r1.198.2.19 header.c --- rpm/rpmdb/header.c21 Mar 2016 22:08:51 - 1.198.2.18 +++ rpm/rpmdb/header.c4 Apr 2016 04:16:29 - 1.198.2.19 @@ -32,13 +32,15 @@ #endif /* __cplusplus */ #if defined(SUPPORT_IMPLICIT_TAG_DATA_TYPES) -extern void tagTypeValidate(HE_t he) +extern void tagTypeValidate(HE_t he, unsigned int flags) /*@*/; #endif /*@unchecked@*/ int _hdr_debug = 0; +static int jbj; + /** \ingroup header */ /*@-type@*/ @@ -337,10 +339,6 @@ size_t length = 0; switch (type) { -#if !defined(SUPPORT_I18NSTRING_TYPE) -case RPM_I18NSTRING_TYPE: -assert(0); -#endif case RPM_STRING_TYPE: if (count != 1) return 0; @@ -353,9 +351,7 @@ break; /* These are like RPM_STRING_TYPE, except they're *always* an array */ /* Compute sum of length of all strings, including nul terminators */ -#if defined(SUPPORT_I18NSTRING_TYPE) case RPM_I18NSTRING_TYPE: -#endif case RPM_STRING_ARRAY_TYPE: if (onDisk) { while (count--) { @@ -1082,9 +1078,10 @@ rpmuint32_t * stei = (rpmuint32_t *) memcpy(alloca(nb), dataStart + off, nb); rdl = (rpmuint32_t)-ntohl(stei[2]); /* negative offset */ -assert((rpmint32_t)rdl >= 0);/* XXX insurance */ + if (hdrchkData(rdl)) + goto errxit; ril = (rpmuint32_t)(rdl/sizeof(*pe)); - if (hdrchkTags(ril) || hdrchkData(rdl)) + if (hdrchkTags(ril)) goto errxit; } else { ril = il; @@ -1425,7 +1422,8 @@ fprintf(stderr, "==> munmap(%p[%u]) error(%d): %s\n", nuh, (unsigned)pvlen, errno, strerror(errno)); } -} else { +} else +{ nuh = memcpy(xmalloc(pvlen), uh, pvlen); if ((nh = headerLoad(nuh)) != NULL) nh->flags |= HEADERFLAG_ALLOCATED; @@ -1538,6 +1536,7 @@ } else { he->p.argv = argv = (const char **) DRD_xmalloc(nb + entry->length); t = (char *) [count]; +fprintf(stderr, "*** %s: memcpy(%p, %p, %u)\n", __FUNCTION__, t, entry->data, (unsigned)entry->length); memcpy(t, entry->data, entry->length); } /*@=mods@*/ @@ -1695,6 +1694,21 @@ } #endif +static void +dumpEntry(const char *msg, indexEntry entry) +{ +if (msg) + fprintf(stderr, " %s %p\n", msg, entry); +if (entry) +fprintf(stderr, "\tentry tag %d type %d offset %d count %d data %p[%u]\n", + entry->info.tag, + entry->info.type, + entry->info.offset, + entry->info.count, + entry->data, + (unsigned)entry->length); +} + /** * Retrieve tag data from header. * @param h header @@ -1702,13 +1716,15 @@ * @param flags headerGet flags * @return 1 on success, 0 on not found */ -static int intGetEntry(Header h, HE_t he, int flags) +static int intGetEntry(Header h, HE_t he, unsigned int flags) /*@modifies he @*/ { int minMem = 0; indexEntry entry; int rc; +if (jbj) +fprintf(stderr, "--> %s(%p,%p, 0x%x) tag %d\n", __FUNCTION__, h, he, flags, he ->tag); /* First find the tag */ /*@-mods@*/ /*@ FIX: h modified by sort. */ entry = findEntry(h, he->tag, (rpmTagType)0); @@ -1720,6 +1736,90 @@ return 0; } +/* XXX sanity check on count field */ +if (entry->info.count > entry->length) { + size_t count = entry->info.count; + entry->info.count = entry->length; +fprintf(stderr, "*** %s: OVERRIDE\ttag %d type %d count %u -> %u\n", __FUNCTION__, he->tag, entry->info.type, count, (unsigned)entry->info.count); +} + +/* XXX Hardwire signature header tag type/count. */ +if (flags & HEADERGET_SIGHEADER || he->tag == RPMTAG_PUBKEYS) { +if (jbj) +dumpEntry("before",
[CVS] RPM: rpm-5_4: rpm/rpmdb/ hdrNVR.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:14:40 Branch: rpm-5_4 Handle: 2016040404143900 Modified files: (Branch: rpm-5_4) rpm/rpmdb hdrNVR.c Log: - typoes. Summary: RevisionChanges Path 1.46.6.6+2 -1 rpm/rpmdb/hdrNVR.c patch -p0 <<'@@ .' Index: rpm/rpmdb/hdrNVR.c $ cvs diff -u -r1.46.6.5 -r1.46.6.6 hdrNVR.c --- rpm/rpmdb/hdrNVR.c3 Apr 2016 20:44:37 - 1.46.6.5 +++ rpm/rpmdb/hdrNVR.c4 Apr 2016 04:14:39 - 1.46.6.6 @@ -6,6 +6,7 @@ #include #include +#include #define _RPMTAG_INTERNAL #include "header_internal.h" /* XXX hdrchkType(), hdrchkData() */ @@ -305,7 +306,7 @@ } xx = headerPut(h, he, 0); if (xx != 1) { - rpmlog(RPMLOG_ERROR, + rpmlog(RPMLOG_ERR, _("%s: headerPut failed(%d): tag(%u) t(%u) data %p[%u]\n"), __FUNCTION__, xx, he->tag, he->t, he->p.ptr, he->c); @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmhkp.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:04:26 Branch: rpm-5_4 Handle: 2016040404042600 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmhkp.c Log: - rpmhkp: rewrite signature/pubkey parameter loading, avoid rpmpgp.c. Summary: RevisionChanges Path 2.20.2.12 +165 -42rpm/rpmio/rpmhkp.c patch -p0 <<'@@ .' Index: rpm/rpmio/rpmhkp.c $ cvs diff -u -r2.20.2.11 -r2.20.2.12 rpmhkp.c --- rpm/rpmio/rpmhkp.c11 May 2015 21:10:19 - 2.20.2.11 +++ rpm/rpmio/rpmhkp.c4 Apr 2016 04:04:26 - 2.20.2.12 @@ -370,11 +370,13 @@ int ix = (keyx >= 0 && keyx < hkp->npkts) ? keyx : 0; size_t pleft = hkp->pktlen - (hkp->pkts[ix] - hkp->pkt); int len = pgpPktLen(hkp->pkts[ix], pleft, pp); -const rpmuint8_t * p; -int rc = 0; /* assume success */ -(void)len; +const rpmuint8_t * p = NULL; +int rc = -1; /* assume failure */ + +HKPDEBUG((stderr, "--> %s(%p,%p,%d,%u) ix %d V%u\n", __FUNCTION__, hkp, dig, keyx, pubkey_algo, ix, (pp->u.h ? pp->u.h[0] : 0))); -HKPDEBUG((stderr, "--> %s(%p,%p,%d,%u) ix %d V%u\n", __FUNCTION__, hkp, dig, keyx, pubkey_algo, ix, pp->u.h[0])); +if (len < 0) + goto exit; pubp->tag = pp->tag; if (pp->u.h[0] == 3 @@ -382,21 +384,88 @@ { pubp->version = pp->u.j->version; memcpy(pubp->time, pp->u.j->time, sizeof(pubp->time)); - pubp->pubkey_algo = pp->u.j->pubkey_algo; + pubp->pubkey_algo = pubkey_algo = pp->u.j->pubkey_algo; +/* XXX set pointer to pubkey parameters. */ p = ((rpmuint8_t *)pp->u.j) + sizeof(*pp->u.j); - p = pgpPrtPubkeyParams(dig, pp, (pgpPubkeyAlgo)pp->u.j->pubkey_algo, p); } else if (pp->u.h[0] == 4 && (pubkey_algo == 0 || pubkey_algo == pp->u.k->pubkey_algo)) { pubp->version = pp->u.k->version; memcpy(pubp->time, pp->u.k->time, sizeof(pubp->time)); - pubp->pubkey_algo = pp->u.k->pubkey_algo; + pubp->pubkey_algo = pubkey_algo = pp->u.k->pubkey_algo; +/* XXX set pointer to pubkey parameters. */ p = ((rpmuint8_t *)pp->u.k) + sizeof(*pp->u.k); - p = pgpPrtPubkeyParams(dig, pp, (pgpPubkeyAlgo)pp->u.k->pubkey_algo, p); -} else - rc = -1; +} + +if (p) { +#ifdef DYING + p = pgpPrtPubkeyParams(dig, pp, pubkey_algo, p); +#else + const rpmuint8_t * pend = pp->u.h + pp->hlen; + const char * rsalbl[] = + { "n =", "e =", NULL }; + const char * dsalbl[] = + { "p =", "q =", "g =", "y =", NULL }; + const char * ecdsalbl[] = + { " oid =", "Q =", NULL }; + const char ** lbl; + int nmpis; + int mpix; + int mpil; + int i; + + switch (pubkey_algo) { + case PGPPUBKEYALGO_EDDSA: + default: + goto exit; + break; + case PGPPUBKEYALGO_RSA: + lbl = rsalbl; nmpis = 2; mpix = 30; + break; + case PGPPUBKEYALGO_DSA: + lbl = dsalbl; nmpis = 4; mpix = 40; + break; + case PGPPUBKEYALGO_ECDSA: + lbl = ecdsalbl; nmpis = 1; mpix = 60; + break; + } + + /* XXX ECDSA OID parameter is stored differently than MPI's */ + if (pubkey_algo == PGPPUBKEYALGO_ECDSA) { + if (p+1+p[0] > pend) + goto exit; + if (pgpImplMpiItem(lbl[0], dig, mpix+0, p+1, p+1+p[0])) + goto exit; + p += p[0] + 1; + mpil = pgpMpiLen(p); + if (mpil < 0) + goto exit; + if (p+mpil > pend) + goto exit; + if (pgpImplMpiItem(lbl[1], dig, mpix+1, p, p+mpil)) + goto exit; + p += mpil; + i = 2; + } else + for (i = 0; i < nmpis && p+2 <= pend; i++) { + mpil = pgpMpiLen(p); + if (mpil < 0) + goto exit; + if (p+mpil > pend) + goto exit; + if (pgpImplMpiItem(lbl[i], dig, mpix+i, p, p+mpil)) + goto exit; + p += mpil; + } + + if (p != pend || i != nmpis) + goto exit; +#endif + rc = 0; +} +exit: HKPDEBUG((stderr, "<-- %s(%p,%p,%d,%u) rc %d\n", __FUNCTION__, hkp, dig, keyx, pubkey_algo, rc)); return rc; @@ -463,11 +532,16 @@ { pgpDigParams sigp =
[CVS] RPM: rpm-5_4: rpm/rpmio/ mongoc.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 06:02:27 Branch: rpm-5_4 Handle: 2016040404022700 Modified files: (Branch: rpm-5_4) rpm/rpmio mongoc.c Log: - sanity. Summary: RevisionChanges Path 1.1.2.11+1 -1 rpm/rpmio/mongoc.c patch -p0 <<'@@ .' Index: rpm/rpmio/mongoc.c $ cvs diff -u -r1.1.2.10 -r1.1.2.11 mongoc.c --- rpm/rpmio/mongoc.c29 Mar 2016 16:40:31 - 1.1.2.10 +++ rpm/rpmio/mongoc.c4 Apr 2016 04:02:27 - 1.1.2.11 @@ -13633,7 +13633,7 @@ } } - BSON_ASSERT (file->length = target_length); + BSON_ASSERT ((file->length = target_length) > 0); file->is_dirty = true; RETURN (diff); @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmltc.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 05:59:53 Branch: rpm-5_4 Handle: 2016040403595300 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmltc.c Log: - ltc: ensure that rpmltcMpiItem returns a useful error code. - ltc: turn verification asserts into a return code. Summary: RevisionChanges Path 1.2.4.15+14 -5 rpm/rpmio/rpmltc.c patch -p0 <<'@@ .' Index: rpm/rpmio/rpmltc.c $ cvs diff -u -r1.2.4.14 -r1.2.4.15 rpmltc.c --- rpm/rpmio/rpmltc.c17 Mar 2016 21:44:14 - 1.2.4.14 +++ rpm/rpmio/rpmltc.c4 Apr 2016 03:59:53 - 1.2.4.15 @@ -397,12 +397,18 @@ /* XXX is where valid is returned: return code ususally CRYPT_OK */ switch (pubp->pubkey_algo) { default: -assert(0); + goto exit; break; case PGPPUBKEYALGO_RSA: -assert(ltc->hashIdx >= 0); + if (ltc->hashIdx < 0 + || !ltc->c || mp_unsigned_bin_size(ltc->c) >= (int)sizeof(sig)) + goto exit; siglen = ltc->nbits/8; + if (siglen > sizeof(sig)) + goto exit; nz = siglen - mp_unsigned_bin_size(ltc->c); + if (nz > sizeof(sig)) + nz = 0; if (nz) /* XXX resurrect leading zero bytes. */ memset(sig, 0, nz); xx = mp_to_unsigned_bin(ltc->c, sig+nz); @@ -412,8 +418,8 @@ _padding, ltc->hashIdx, saltlen, , >rsa)); break; case PGPPUBKEYALGO_DSA: -assert(ltc->r && ltc->s); -assert(ltc->qbits); + if (!(ltc->r && ltc->s && ltc->qbits)) + goto exit; /* XXX Truncate to qbits (if necessary) */ dlen = (ltc->digestlen > ltc->qbits/8 ? ltc->qbits/8 : ltc->digestlen); xx = rpmltcErr(ltc, "dsa_verify_hash_raw", @@ -426,7 +432,8 @@ #endif break; case PGPPUBKEYALGO_ECDSA: -assert(ltc->r && ltc->s); + if (!(ltc->r && ltc->s && ltc->qbits)) + goto exit; xx = der_encode_sequence_multi(sig, , LTC_ASN1_INTEGER, 1UL, ltc->r, LTC_ASN1_INTEGER, 1UL, ltc->s, @@ -437,6 +444,7 @@ break; } +exit: SPEW(!rc, rc, dig); return rc; } @@ -699,6 +707,7 @@ nb = pgpMpiLen(p); rc = ecc_ansi_x963_import(p+2, nb-2, >ecdsa); assert(rc == CRYPT_OK); + rc = 0; break; } @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ tgit.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 05:55:44 Branch: rpm-5_4 Handle: 2016040403554400 Modified files: (Branch: rpm-5_4) rpm/rpmio tgit.c Log: - sanity. Summary: RevisionChanges Path 1.1.2.48+1 -2 rpm/rpmio/tgit.c patch -p0 <<'@@ .' Index: rpm/rpmio/tgit.c $ cvs diff -u -r1.1.2.47 -r1.1.2.48 tgit.c --- rpm/rpmio/tgit.c 27 Feb 2016 19:59:20 - 1.1.2.47 +++ rpm/rpmio/tgit.c 4 Apr 2016 03:55:44 - 1.1.2.48 @@ -1883,8 +1883,7 @@ strcpy(spec, "HEAD"); else git_oid_tostr(spec, sizeof(spec), _commit); -strcat(spec, ":"); -strcat(spec, path); +stpncpy(stpncpy(spec, ":", sizeof(*spec)-1), path, sizeof(*spec)-2); xx = chkgit(git, "git_revparse_single", git_revparse_single(, git->R, spec)); @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmsyck.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 05:56:00 Branch: rpm-5_4 Handle: 201604040356 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmsyck.c Log: - sanity. Summary: RevisionChanges Path 2.5.2.3 +4 -3 rpm/rpmio/rpmsyck.c patch -p0 <<'@@ .' Index: rpm/rpmio/rpmsyck.c $ cvs diff -u -r2.5.2.2 -r2.5.2.3 rpmsyck.c --- rpm/rpmio/rpmsyck.c 16 Feb 2015 21:23:17 - 2.5.2.2 +++ rpm/rpmio/rpmsyck.c 4 Apr 2016 03:56:00 - 2.5.2.3 @@ -45,11 +45,12 @@ static void rsFini(void * _rpmSyck) { rpmSyck rs = (rpmSyck) _rpmSyck; -if(rs->syms) +if (rs->syms) { syck_st_foreach(rs->syms, (enum st_retval (*)(const char *, const void *, void *))rpmSyckFreeNode, 0); -syck_st_free_table(rs->syms); -rs->syms = NULL; + syck_st_free_table(rs->syms); + rs->syms = NULL; +} rs->firstNode = NULL; } @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmct.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 05:48:10 Branch: rpm-5_4 Handle: 2016040403481000 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmct.c Log: - sanity. Summary: RevisionChanges Path 1.1.2.5 +6 -4 rpm/rpmio/rpmct.c patch -p0 <<'@@ .' Index: rpm/rpmio/rpmct.c $ cvs diff -u -r1.1.2.4 -r1.1.2.5 rpmct.c --- rpm/rpmio/rpmct.c 28 Mar 2016 22:00:12 - 1.1.2.4 +++ rpm/rpmio/rpmct.c 4 Apr 2016 03:48:10 - 1.1.2.5 @@ -658,10 +658,12 @@ } exit: -if (ct->t != NULL) - Fts_close(ct->t); -ct->t = NULL; -ct->p = NULL; +if (ct != NULL) { + if (ct->t != NULL) + Fts_close(ct->t); + ct->t = NULL; + ct->p = NULL; +} return rval; } @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmdb/ tagname.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:50:34 Branch: rpm-5_4 Handle: 2016040320503400 Modified files: (Branch: rpm-5_4) rpm/rpmdb tagname.c Log: - skip RPMSIGTAG_* <-> RPMTAG_* value collisions. Summary: RevisionChanges Path 1.34.2.13 +8 -10 rpm/rpmdb/tagname.c patch -p0 <<'@@ .' Index: rpm/rpmdb/tagname.c $ cvs diff -u -r1.34.2.12 -r1.34.2.13 tagname.c --- rpm/rpmdb/tagname.c 27 Feb 2016 21:34:57 - 1.34.2.12 +++ rpm/rpmdb/tagname.c 3 Apr 2016 20:50:34 - 1.34.2.13 @@ -512,26 +512,24 @@ * Validate that implicit and explicit types are identical. * @param he tag container */ -void tagTypeValidate(HE_t he); -void tagTypeValidate(HE_t he) +void tagTypeValidate(HE_t he, unsigned int flags); +void tagTypeValidate(HE_t he, unsigned int flags) { +/* XXX Skip RPMSIGTAG_* validation. */ +if (flags & HEADERGET_SIGHEADER) + return; + +#if !defined(SUPPORT_I18NSTRING_TYPE) /* XXX Re-map RPM_I18NSTRING_TYPE -> RPM_STRING_TYPE */ if (he->t == RPM_I18NSTRING_TYPE) he->t = RPM_STRING_TYPE; +#endif /* XXX Arbitrary tags are always strings. */ if ((he->tag & 0x4000) && (he->t == RPM_STRING_TYPE || he->t == RPM_STRING_ARRAY_TYPE)) return; -/* XXX Make 0x3fff disappear for now. Signature? */ -if (he->tag == 0x3fff && he->t == RPM_BIN_TYPE) - return; - -/* XXX hack around known borkage for now. */ -if (!(he->tag == 62)) -if (!(he->tag == 261 || he->tag == 269)) -if (!(he->tag == 1000 || he->tag == 1004 || he->tag == 1007)) if (!(he->tag == 1029 || he->tag == 1086 || he->tag == 1087)) if (he->t != (tagType(he->tag) & 0x)) fprintf(stderr, "==> warning: tag %u type(0x%x) != implicit type(0x%x)\n", (unsigned) he->tag, he->t, tagType(he->tag)); @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmdb/ rpmtag.h
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:49:05 Branch: rpm-5_4 Handle: 2016040320490500 Modified files: (Branch: rpm-5_4) rpm/rpmdb rpmtag.h Log: - rpmtag: remove a compiler warning by adding 0x3fff as an rpmTag. Summary: RevisionChanges Path 1.70.4.21 +46 -44 rpm/rpmdb/rpmtag.h patch -p0 <<'@@ .' Index: rpm/rpmdb/rpmtag.h $ cvs diff -u -r1.70.4.20 -r1.70.4.21 rpmtag.h --- rpm/rpmdb/rpmtag.h2 Apr 2016 23:01:12 - 1.70.4.20 +++ rpm/rpmdb/rpmtag.h3 Apr 2016 20:49:05 - 1.70.4.21 @@ -488,55 +488,57 @@ _RPMTAG_SUPPLEMENTNEVRS = 5060, /* s[] extension */ _RPMTAG_ENHANCENEVRS = 5061, /* s[] extension */ RPMTAG_ENCODING = 5062, /* s */ -_RPMTAG_FILETRIGGERIN= 5063, /* internal */ -_RPMTAG_FILETRIGGERUN= 5064, /* internal */ -_RPMTAG_FILETRIGGERPOSTUN= 5065, /* internal */ -RPMTAG_FILETRIGGERSCRIPTS= 5066, /* s[] */ -RPMTAG_FILETRIGGERSCRIPTPROG = 5067, /* s[] */ -RPMTAG_FILETRIGGERSCRIPTFLAGS= 5068, /* i[] */ -RPMTAG_FILETRIGGERNAME = 5069, /* s[] */ -RPMTAG_FILETRIGGERINDEX = 5070, /* i[] */ -RPMTAG_FILETRIGGERVERSION= 5071, /* s[] */ -RPMTAG_FILETRIGGERFLAGS = 5072, /* i[] */ -_RPMTAG_TRANSFILETRIGGERIN = 5073, /* internal */ -_RPMTAG_TRANSFILETRIGGERUN = 5074, /* internal */ -_RPMTAG_TRANSFILETRIGGERPOSTUN = 5075, /* internal */ -RPMTAG_TRANSFILETRIGGERSCRIPTS = 5076, /* s[] */ -RPMTAG_TRANSFILETRIGGERSCRIPTPROG= 5077, /* s[] */ -RPMTAG_TRANSFILETRIGGERSCRIPTFLAGS = 5078, /* i[] */ -RPMTAG_TRANSFILETRIGGERNAME = 5079, /* s[] */ -RPMTAG_TRANSFILETRIGGERINDEX = 5080, /* i[] */ -RPMTAG_TRANSFILETRIGGERVERSION = 5081, /* s[] */ -RPMTAG_TRANSFILETRIGGERFLAGS = 5082, /* i[] */ -_RPMTAG_REMOVEPATHPOSTFIXES = 5083, /* s internal */ -RPMTAG_FILETRIGGERPRIORITIES = 5084, /* i[] */ -RPMTAG_TRANSFILETRIGGERPRIORITIES= 5085, /* i[] */ -_RPMTAG_FILETRIGGERCONDS = 5086, /* s[] extension */ -_RPMTAG_FILETRIGGERTYPE = 5087, /* s[] extension */ -_RPMTAG_TRANSFILETRIGGERCONDS= 5088, /* s[] extension */ -_RPMTAG_TRANSFILETRIGGERTYPE = 5089, /* s[] extension */ -RPMTAG_FILESIGNATURES= 5090, /* s[] */ -RPMTAG_FILESIGNATURELENGTH = 5091, /* i */ +_RPMTAG_FILETRIGGERIN= 5063, /* internal */ +_RPMTAG_FILETRIGGERUN= 5064, /* internal */ +_RPMTAG_FILETRIGGERPOSTUN= 5065, /* internal */ +RPMTAG_FILETRIGGERSCRIPTS= 5066, /* s[] */ +RPMTAG_FILETRIGGERSCRIPTPROG = 5067, /* s[] */ +RPMTAG_FILETRIGGERSCRIPTFLAGS= 5068, /* i[] */ +RPMTAG_FILETRIGGERNAME = 5069, /* s[] */ +RPMTAG_FILETRIGGERINDEX = 5070, /* i[] */ +RPMTAG_FILETRIGGERVERSION= 5071, /* s[] */ +RPMTAG_FILETRIGGERFLAGS = 5072, /* i[] */ +_RPMTAG_TRANSFILETRIGGERIN = 5073, /* internal */ +_RPMTAG_TRANSFILETRIGGERUN = 5074, /* internal */ +_RPMTAG_TRANSFILETRIGGERPOSTUN = 5075, /* internal */ +RPMTAG_TRANSFILETRIGGERSCRIPTS = 5076, /* s[] */ +RPMTAG_TRANSFILETRIGGERSCRIPTPROG= 5077, /* s[] */ +RPMTAG_TRANSFILETRIGGERSCRIPTFLAGS = 5078, /* i[] */ +RPMTAG_TRANSFILETRIGGERNAME = 5079, /* s[] */ +RPMTAG_TRANSFILETRIGGERINDEX = 5080, /* i[] */ +RPMTAG_TRANSFILETRIGGERVERSION = 5081, /* s[] */ +RPMTAG_TRANSFILETRIGGERFLAGS = 5082, /* i[] */ +_RPMTAG_REMOVEPATHPOSTFIXES = 5083, /* s internal */ +RPMTAG_FILETRIGGERPRIORITIES = 5084, /* i[] */ +RPMTAG_TRANSFILETRIGGERPRIORITIES= 5085, /* i[] */ +_RPMTAG_FILETRIGGERCONDS = 5086, /* s[] extension */ +_RPMTAG_FILETRIGGERTYPE = 5087, /* s[] extension */ +_RPMTAG_TRANSFILETRIGGERCONDS= 5088, /* s[] extension */ +_RPMTAG_TRANSFILETRIGGERTYPE = 5089, /* s[] extension */ +RPMTAG_FILESIGNATURES= 5090, /* s[] */ +RPMTAG_FILESIGNATURELENGTH = 5091, /* i */ /*@-enummemuse@*/ -RPMTAG_FIRSTFREE_TAG,/*!< internal */
[CVS] RPM: rpm-5_4: rpm/lib/ rpmchecksig.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:47:49 Branch: rpm-5_4 Handle: 2016040320474800 Modified files: (Branch: rpm-5_4) rpm/lib rpmchecksig.c Log: - consitent checks for rpmhkpLoad* error returns. Summary: RevisionChanges Path 1.240.2.17 +3 -3 rpm/lib/rpmchecksig.c patch -p0 <<'@@ .' Index: rpm/lib/rpmchecksig.c $ cvs diff -u -r1.240.2.16 -r1.240.2.17 rpmchecksig.c --- rpm/lib/rpmchecksig.c 3 Apr 2016 20:43:05 - 1.240.2.16 +++ rpm/lib/rpmchecksig.c 3 Apr 2016 20:47:48 - 1.240.2.17 @@ -567,7 +567,7 @@ memcpy(pubp->signid, hkp->keyid, sizeof(pubp->signid)); /* XXX useless */ if (pgpPktLen(hkp->pkt, hkp->pktlen, pp) < 0 - || rpmhkpLoadKey(hkp, dig, 0, 0)) + || rpmhkpLoadKey(hkp, dig, 0, 0) < 0) goto exit; /* Validate pubkey self-signatures. */ @@ -1153,7 +1153,7 @@ he->tag = she->tag; if (!headerGet(sigh, he, 0) || pgpPktLen(he->p.ui8p, he->c, pp) < 0 - || rpmhkpLoadSignature(NULL, dig, pp)) + || rpmhkpLoadSignature(NULL, dig, pp) < 0) { he->p.ptr = _free(he->p.ptr); goto exit; @@ -1208,7 +1208,7 @@ continue; if (pgpPktLen(she->p.ui8p, she->c, pp) < 0 - || rpmhkpLoadSignature(NULL, dig, pp) + || rpmhkpLoadSignature(NULL, dig, pp) < 0 || (sigp->version != 3 && sigp->version != 4)) { rpmlog(RPMLOG_ERR, @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmdb/ hdrNVR.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:44:37 Branch: rpm-5_4 Handle: 2016040320443700 Modified files: (Branch: rpm-5_4) rpm/rpmdb hdrNVR.c Log: - headerNext: check headerfPut return code. Summary: RevisionChanges Path 1.46.6.5+6 -1 rpm/rpmdb/hdrNVR.c patch -p0 <<'@@ .' Index: rpm/rpmdb/hdrNVR.c $ cvs diff -u -r1.46.6.4 -r1.46.6.5 hdrNVR.c --- rpm/rpmdb/hdrNVR.c2 Apr 2016 23:01:12 - 1.46.6.4 +++ rpm/rpmdb/hdrNVR.c3 Apr 2016 20:44:37 - 1.46.6.5 @@ -304,7 +304,12 @@ /*@notreached@*/ /*@switchbreak@*/ break; } xx = headerPut(h, he, 0); -assert(xx == 1); + if (xx != 1) { + rpmlog(RPMLOG_ERROR, + _("%s: headerPut failed(%d): tag(%u) t(%u) data %p[%u]\n"), + __FUNCTION__, xx, he->tag, he->t, he->p.ptr, he->c); + + } } } hi = headerFini(hi); @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/lib/ rpmchecksig.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:43:05 Branch: rpm-5_4 Handle: 2016040320430500 Modified files: (Branch: rpm-5_4) rpm/lib rpmchecksig.c Log: - check pgpPktLen and rpmhkpLoad* return codes. Summary: RevisionChanges Path 1.240.2.16 +21 -14 rpm/lib/rpmchecksig.c patch -p0 <<'@@ .' Index: rpm/lib/rpmchecksig.c $ cvs diff -u -r1.240.2.15 -r1.240.2.16 rpmchecksig.c --- rpm/lib/rpmchecksig.c 19 Feb 2015 22:05:53 - 1.240.2.15 +++ rpm/lib/rpmchecksig.c 3 Apr 2016 20:43:05 - 1.240.2.16 @@ -161,18 +161,18 @@ /*@modifies *signid, fileSystem, internalState @*/ { HE_t he = (HE_t) memset(alloca(sizeof(*he)), 0, sizeof(*he)); -int rc = 1; +int rc = 1; /* assume failure */ int xx; he->tag = (rpmTag) sigtag; xx = headerGet(sigh, he, 0); if (xx && he->p.ptr != NULL) { pgpDig dig = pgpDigNew(RPMVSF_DEFAULT, PGPPUBKEYALGO_UNKNOWN); - /* XXX expose ppSignid() from rpmhkp.c? */ pgpPkt pp = (pgpPkt) alloca(sizeof(*pp)); - (void) pgpPktLen(he->p.ui8p, he->c, pp); - if (!rpmhkpLoadSignature(NULL, dig, pp)) { + if (pgpPktLen(he->p.ui8p, he->c, pp) > 0 + && !rpmhkpLoadSignature(NULL, dig, pp)) + { memcpy(signid, dig->signature.signid, sizeof(dig->signature.signid)); rc = 0; } @@ -566,9 +566,9 @@ (void) pgpPubkeyFingerprint(hkp->pkt, hkp->pktlen, hkp->keyid); memcpy(pubp->signid, hkp->keyid, sizeof(pubp->signid)); /* XXX useless */ -xx = pgpPktLen(hkp->pkt, hkp->pktlen, pp); - -xx = rpmhkpLoadKey(hkp, dig, 0, 0); +if (pgpPktLen(hkp->pkt, hkp->pktlen, pp) < 0 + || rpmhkpLoadKey(hkp, dig, 0, 0)) + goto exit; /* Validate pubkey self-signatures. */ if (validate) { @@ -592,8 +592,10 @@ /* XXX hack up a user id (if not already present) */ if (pubp->userid == NULL) { if (hkp->uidx >= 0 && hkp->uidx < hkp->npkts) { - size_t nb = pgpPktLen(hkp->pkts[hkp->uidx], hkp->pktlen, pp); + size_t nb; char * t; + if (pgpPktLen(hkp->pkts[hkp->uidx], hkp->pktlen, pp) < 0) + goto exit; nb = pp->hlen; t = (char *) memcpy(xmalloc(nb + 1), pp->u.u->userid, nb); t[nb] = '\0'; @@ -1149,9 +1151,13 @@ case RPMSIGTAG_RSA: case RPMSIGTAG_ECDSA: he->tag = she->tag; - xx = headerGet(sigh, he, 0); - xx = pgpPktLen(he->p.ui8p, he->c, pp); - xx = rpmhkpLoadSignature(NULL, dig, pp); + if (!headerGet(sigh, he, 0) + || pgpPktLen(he->p.ui8p, he->c, pp) < 0 + || rpmhkpLoadSignature(NULL, dig, pp)) + { + he->p.ptr = _free(he->p.ptr); + goto exit; + } he->p.ptr = _free(he->p.ptr); break; } @@ -1201,9 +1207,10 @@ if (nosignatures) continue; - xx = pgpPktLen(she->p.ui8p, she->c, pp); - xx = rpmhkpLoadSignature(NULL, dig, pp); - if (sigp->version != 3 && sigp->version != 4) { + if (pgpPktLen(she->p.ui8p, she->c, pp) < 0 + || rpmhkpLoadSignature(NULL, dig, pp) + || (sigp->version != 3 && sigp->version != 4)) + { rpmlog(RPMLOG_ERR, _("skipping package %s with unverifiable V%u signature\n"), fn, sigp->version); @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ yajl.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:41:35 Branch: rpm-5_4 Handle: 2016040320413500 Modified files: (Branch: rpm-5_4) rpm/rpmio yajl.c Log: - yajl: add a break statement. Summary: RevisionChanges Path 1.1.2.4 +1 -0 rpm/rpmio/yajl.c patch -p0 <<'@@ .' Index: rpm/rpmio/yajl.c $ cvs diff -u -r1.1.2.3 -r1.1.2.4 yajl.c --- rpm/rpmio/yajl.c 28 Mar 2016 21:49:41 - 1.1.2.3 +++ rpm/rpmio/yajl.c 3 Apr 2016 20:41:35 - 1.1.2.4 @@ -1958,6 +1958,7 @@ } yajl_bs_set(hand->stateStack, yajl_state_map_sep); goto around_again; + break; case yajl_tok_right_bracket: if (yajl_bs_current(hand->stateStack) == yajl_state_map_start) @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmpgp.h
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:40:19 Branch: rpm-5_4 Handle: 2016040320401900 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmpgp.h Log: - rpmpgp: check for buffer overflows more carefully. Summary: RevisionChanges Path 2.108.2.17 +11 -5 rpm/rpmio/rpmpgp.h patch -p0 <<'@@ .' Index: rpm/rpmio/rpmpgp.h $ cvs diff -u -r2.108.2.16 -r2.108.2.17 rpmpgp.h --- rpm/rpmio/rpmpgp.h24 Feb 2015 20:24:09 - 2.108.2.16 +++ rpm/rpmio/rpmpgp.h3 Apr 2016 20:40:19 - 2.108.2.17 @@ -1126,9 +1126,11 @@ char * pgpHexStr(const rpmuint8_t * p, size_t plen) /*@*/ { -static char prbuf[8*BUFSIZ]; /* XXX ick */ +static char prbuf[BUFSIZ]; /* XXX ick */ +static size_t nb = sizeof(prbuf) - 32; char *t = prbuf; -t = pgpHexCvt(t, p, plen); +unsigned ui = (plen <= nb) ? plen : nb; +t = pgpHexCvt(t, p, ui); return prbuf; } @@ -1143,11 +1145,15 @@ /*@requires maxRead(p) >= 3 @*/ /*@*/ { -static char prbuf[8*BUFSIZ]; /* XXX ick */ +static char prbuf[BUFSIZ]; /* XXX ick */ +static size_t nb = sizeof(prbuf) - 32; char *t = prbuf; -sprintf(t, "[%4u]: ", pgpGrab(p, 2)); +unsigned ui = pgpGrab(p, 2); +sprintf(t, "[%4u]: ", ui); t += strlen(t); -t = pgpHexCvt(t, p+2, pgpMpiLen(p)-2); +if ((ui = pgpMpiLen(p)) > nb) + ui = nb; +t = pgpHexCvt(t, p+2, ui-2); return prbuf; } @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmpgp.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:39:32 Branch: rpm-5_4 Handle: 2016040320393200 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmpgp.c Log: - pgpPktLen: check return code. Summary: RevisionChanges Path 2.127.2.17 +4 -2 rpm/rpmio/rpmpgp.c patch -p0 <<'@@ .' Index: rpm/rpmio/rpmpgp.c $ cvs diff -u -r2.127.2.16 -r2.127.2.17 rpmpgp.c --- rpm/rpmio/rpmpgp.c24 Feb 2015 20:24:09 - 2.127.2.16 +++ rpm/rpmio/rpmpgp.c3 Apr 2016 20:39:32 - 2.127.2.17 @@ -453,6 +453,7 @@ int xx; int i; +assert(p); for (i = 0; p < pend; i++, p += pgpMpiLen(p)) { if (pubkey_algo == PGPPUBKEYALGO_RSA) { if (i >= 1) break; @@ -515,7 +516,8 @@ if (_pgp_print) fprintf(stderr, "%7d", i); } - pgpPrtStr("", pgpMpiStr(p)); + if (p) + pgpPrtStr("", pgpMpiStr(p)); pgpPrtNL(); } @@ -1031,7 +1033,7 @@ pgpPkt pp = (pgpPkt) alloca(sizeof(*pp)); int rc = pgpPktLen(pkt, pktlen, pp); -if (!(pp->tag == PGPTAG_PUBLIC_KEY || pp->tag == PGPTAG_PUBLIC_SUBKEY)) +if (rc < 0 || !(pp->tag == PGPTAG_PUBLIC_KEY || pp->tag == PGPTAG_PUBLIC_SUBKEY)) return -1; /* Choose the correct keyid. */ @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm-5_4: rpm/rpmio/ rpmodbc.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 03-Apr-2016 22:37:38 Branch: rpm-5_4 Handle: 2016040320373800 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmodbc.c Log: - typo. Summary: RevisionChanges Path 1.1.2.19+1 -1 rpm/rpmio/rpmodbc.c patch -p0 <<'@@ .' Index: rpm/rpmio/rpmodbc.c $ cvs diff -u -r1.1.2.18 -r1.1.2.19 rpmodbc.c --- rpm/rpmio/rpmodbc.c 11 May 2015 21:10:19 - 1.1.2.18 +++ rpm/rpmio/rpmodbc.c 3 Apr 2016 20:37:38 - 1.1.2.19 @@ -1263,7 +1263,7 @@ urlinfo u = NULL; xx = urlSplit(fn, ); -assert(ut == URL_IS_MYSQL || ut == URL_IS_POSTGRES || URL_IS_SQLSERVER); +assert(ut == URL_IS_MYSQL || ut == URL_IS_POSTGRES || ut == URL_IS_SQLSERVER); odbc->db = rpmExpand(u->scheme, "_", basename((char *)dbpath), NULL); odbc->u = urlLink(u, __FUNCTION__); } @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org