alexk / rpms / rpm

Forked from rpms/rpm 2 years ago
Clone
d7fc72
From e219c9548d16a3c18dd261f7043bb8d221b87c77 Mon Sep 17 00:00:00 2001
d7fc72
From: Panu Matilainen <pmatilai@redhat.com>
d7fc72
Date: Wed, 31 Jul 2019 11:56:26 +0300
d7fc72
Subject: [PATCH] Fix off-by-one in hdrblobGet() making last entry unreachable
d7fc72
 (RhBug:1722921)
d7fc72
d7fc72
hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763
d7fc72
and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko
d7fc72
(perhaps the idea was to skip the first, region tag) which causes
d7fc72
the last entry to be unreachable. In typical packages, that is
d7fc72
RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't
d7fc72
matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower
d7fc72
tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last,
d7fc72
unreachable and thus unverifiable. Oops.
d7fc72
d7fc72
This fixes the regression introduced in rpm 4.14, affecting verification
d7fc72
of large packages (ie having RPMSIG_LONGARCHIVESIZE)
d7fc72
---
d7fc72
 lib/header.c | 2 +-
d7fc72
 1 file changed, 1 insertion(+), 1 deletion(-)
d7fc72
d7fc72
diff --git a/lib/header.c b/lib/header.c
d7fc72
index 33623884a..9ec7ed0e4 100644
d7fc72
--- a/lib/header.c
d7fc72
+++ b/lib/header.c
d7fc72
@@ -2015,7 +2015,7 @@ rpmRC hdrblobGet(hdrblob blob, uint32_t tag, rpmtd td)
d7fc72
     memset(&einfo, 0, sizeof(einfo));
d7fc72
     rpmtdReset(td);
d7fc72
 
d7fc72
-    for (int i = 1; i < blob->il; i++, pe++) {
d7fc72
+    for (int i = 0; i < blob->il; i++, pe++) {
d7fc72
 	if (pe->tag != ntag)
d7fc72
 	    continue;
d7fc72
 	ei2h(pe, &einfo);
d7fc72
-- 
d7fc72
2.21.0
d7fc72