Re: [Rpm-maint] [rpm-software-management/rpm] RFE: Verify tag types explicitly when loading a header (#414)
Yup, obviously. I remember looking but don't remember why I didn't actually do this in the mass-refactoring prior to 4.14, maybe the todo-note just fell off the overflowing table, so to speak. So thanks for the reminder.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/414#issuecomment-372987276
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFE: Verify tag types explicitly when loading a header (#414)
Closed #414 via dfd236d8b41a60f6bfad75db55f07b9617d191ad.
[Rpm-maint] [rpm-software-management/rpm] RFE: Verify tag types explicitly when loading a header (#414)
The existing low level sanity test on tag data type in a header checks only that the data type is within range. What is *NOT* checked is that a header tag has the expected type. An unexpected data type can cause many issues at higher API levels. Replacing (and possibly backporting) the existing sanity range check using the expected type is a necessary precursor to any improvement to data typing in rpm, and also -- if done while a header is being loaded -- hardens *.rpm headers from fuzzing attacks and makes high level checks on type unnecessary when accessing header tag data.
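
The difference between the range-only check and the expected-type check requested above, as an added example that is not part of the thread and is not rpm's code. The table `expected`, the function names and the sample index bytes are constructed for illustration; the tag and type numbers follow rpm's public headers.

```c
#include <stddef.h>
#include <stdint.h>

/* Type codes and tag numbers follow rpm's public headers. */
enum { T_NULL, T_CHAR, T_INT8, T_INT16, T_INT32, T_INT64,
       T_STRING, T_BIN, T_STRING_ARRAY, T_I18NSTRING, T_MAX = T_I18NSTRING };

/* Constructed subset of a tag -> expected type table (hypothetical name). */
static const struct { uint32_t tag, type; } expected[] = {
    { 1000, T_STRING }, { 1001, T_STRING },     /* NAME, VERSION */
    { 1003, T_INT32 },  { 1004, T_I18NSTRING }, /* EPOCH, SUMMARY */
};

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Range-only check: any defined type code passes, whatever the tag. */
static int type_in_range(uint32_t type) { return type > T_NULL && type <= T_MAX; }

/* Expected-type check; tags not in the table fall back to the range check (assumed). */
static int type_as_expected(uint32_t tag, uint32_t type) {
    for (size_t i = 0; i < sizeof(expected) / sizeof(expected[0]); i++)
        if (expected[i].tag == tag)
            return expected[i].type == type;
    return type_in_range(type);
}

/* Walk n 16-byte index entries (tag, type, offset, count; big-endian).
 * Returns the index of the first rejected entry, or -1 if all pass. */
int first_bad_entry(const uint8_t *idx, size_t n, int strict) {
    for (size_t i = 0; i < n; i++) {
        uint32_t tag = be32(idx + 16 * i), type = be32(idx + 16 * i + 4);
        if (strict ? !type_as_expected(tag, type) : !type_in_range(type))
            return (int)i;
    }
    return -1;
}

/* Constructed index: NAME as STRING (valid), EPOCH as STRING (in range, wrong). */
const uint8_t sample_index[32] = {
    0, 0, 0x03, 0xe8,  0, 0, 0, 6,  0, 0, 0, 0,  0, 0, 0, 1,
    0, 0, 0x03, 0xeb,  0, 0, 0, 6,  0, 0, 0, 4,  0, 0, 0, 1,
};

/* Exit status 0 when only the expected-type check flags entry 1. */
int main(void) {
    return !(first_bad_entry(sample_index, 2, 0) == -1 && first_bad_entry(sample_index, 2, 1) == 1);
}
```

Rejecting the mistyped entry while the index is walked means code that later reads EPOCH as a 32-bit integer never sees string data.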