@DemiMarie pushed 1 commit.
e02bf8213191e53ddde98171ab2ba8900c33833b A header with count zero has length
zero
Negating INT32_MIN is undefined behavior, so we must prevent it.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1502
-- Commit Summary --
* Avoid negating an attacker-controlled signed integer
-- File Changes --
M
This pull request **introduces 1 alert** when merging
9e7b746b1d419135b0f175b875a9023762dce87a into
5ce2b5e3121aa07eb1ccf2bc24443c1536bf94d5 - [view on
LGTM.com](https://lgtm.com/projects/g/rpm-software-management/rpm/rev/pr-af2eb5afc56e75f307e29688f00cf48eb1ddb722)
**new alerts:**
* 1 for
We want to remove as many forms of undefined behavior as we can. This
adds flags to make integer and pointer overflows well-defined.
Furthermore, it turns on strong stack protection.
You can view, comment on, or merge this pull request online at:
This is already checked for other headers.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1498
-- Commit Summary --
* Verify that data does not overlap region trailer
-- File Changes --
M lib/header.c (5)
-- Patch
Functions in the public RPM API use hdrblobInit() to import an RPM
header from memory, but that skips critical checks. Fix this by not
skipping these checks.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1500
-- Commit
This prevents integer overflows.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1497
-- Commit Summary --
* Check that len is in range before using it
-- File Changes --
M lib/header.c (8)
-- Patch Links --
Otherwise, we will dereference a misaligned pointer, which is undefined
behavior.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1499
-- Commit Summary --
* ‘hdrblobInit’: check pointer is 8-byte aligned
-- File Changes
Such headers are useless and might cause problems elsewhere.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1495
-- Commit Summary --
* Forbid headers with only a region
-- File Changes --
M lib/header.c (6)
--
Previously we would suffer an integer underflow in this case.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1496
-- Commit Summary --
* A header with count zero has length zero
-- File Changes --
M lib/header.c (3)
This is already checked in regionSwab() but it is better to check it
earlier, in case someone uses hdrblobInit() without hdrblobImport().
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1493
-- Commit Summary --
* Check
This ensures adding ‘REGION_TAG_COUNT’ to it will not overflow.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1494
-- Commit Summary --
* Check that ‘einfo.offset’ is reasonable
-- File Changes --
M lib/header.c (3)
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1488
-- Commit Summary --
* Clean up rdl calculation
-- File Changes --
M lib/header.c (4)
-- Patch Links --
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1490
-- Commit Summary --
* Add a fuzz target for ‘headerImport’
* Fuzz headerExport() too
-- File Changes --
M lib/header.c (50)
-- Patch Links --
The ‘end’ parameter to ‘strtaglen’ might point past the end of an
allocation. Therefore, if ‘start’ becomes equal to ‘end’, return an
error without calling ‘memchr’ on that pointer.
You can view, comment on, or merge this pull request online at:
This avoids any possible integer overflows.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1492
-- Commit Summary --
* Check that count and data length are reasonable
-- File Changes --
M lib/header.c (3)
-- Patch
This avoids a potential out-of-bounds read in dataLength().
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1491
-- Commit Summary --
* Check that type and length are not out of range
-- File Changes --
M lib/header.c
> Please split off the commits with actual reproducer to a separate PR, and
> make the reproducers available someplace. That allows us to prioritize,
> properly reviewing this kind of stuff is a lot of work.
Will do. I only have reproducers for a small subset of these, though.
> Second, split
DT_RPATH has been deprecated in favour of DT_RUNPATH for some time now
and both have similar functionality. RUNPATH is less infectious,
i.e. it does not affect search paths for dependency resolution of
dependencies, but that only limits the issues insecure paths may cause
and does not eliminate
@pmatilai requested changes on this pull request.
Please split off the commits with actual reproducer to a separate PR, and make
the reproducers available someplace.
Second, split this further into smaller PRs, this kind of pile-up is impossible
to meaningfully review in GH. Stick to just a
@pmatilai requested changes on this pull request.
See above, bunch of mostly minor issues and some questions to address.
> +return RPMRC_OK;
+}
+
+if (stat(state->fifo_path, ) == -1) {
+rpmlog(RPMLOG_DEBUG, "Stat: %s -> %s\n", state->fifo_path,
strerror(errno));
+
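Review bot: in the stat() failure branch, the "Stat: %s -> %s" message is logged only at RPMLOG_DEBUG, so a missing or inaccessible state->fifo_path is silent at default log levels. If the caller cannot work without the FIFO, log it at a level an administrator will see. Also, stat() here checks the path by name. If the same path is opened elsewhere, checking the opened descriptor with fstat() avoids a gap between the check and the use in which the path could be replaced.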
Speaking of file trigger issues: what's the deal with the
%transfiletriggerpostun triggers? Why are they not fed a list of matching files
so they can check if there is really something to do? And why is the
implementation so weird? I don't see any reason for that
@pmatilai commented on this pull request.
> @@ -845,6 +845,14 @@
> AC_CHECK_HEADERS([linux/fsverity.h],[FSVERITY_IOCTL="yes"])
])
AM_CONDITIONAL(FSVERITY_IOCTL,[test "x$FSVERITY_IOCTL" = xyes])
+#=
+# Check for fapolicyd support
+AC_ARG_WITH(fapolicyd,
A couple of random thoughts:
- I think we'd want the generated specs parse occur before `%check` because you
want to get possible packaging errors as soon as possible, and test-suites can
take significant amount of time. And actually, I don't think we should allow
`%check` to affect the actual