michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch

0b2921
From 362c4401979f896de1e69a3e18d33954953912cc Mon Sep 17 00:00:00 2001
0b2921
Message-Id: <362c4401979f896de1e69a3e18d33954953912cc.1554983588.git.pmatilai@redhat.com>
0b2921
From: Panu Matilainen <pmatilai@redhat.com>
0b2921
Date: Tue, 11 Dec 2018 13:21:47 +0200
0b2921
Subject: [PATCH] Only read through payload on verify if actually needed
0b2921
0b2921
If none of our verify items ranges over the payload, then why bother?
0b2921
0b2921
To do this, add an internal rpmvs API to get it's range, and use
0b2921
that to decide whether trip over the payload is needed or not.
0b2921
In addition, the payload digest tag needs to be grabbed outside of the
0b2921
condition to avoid depending on other values. The details including
0b2921
RPMVSF_NEEDPAYLOAD will be handled internally to rpmvs which makes it
0b2921
actually nicer code-wise too.
0b2921
---
0b2921
 lib/rpmchecksig.c |  8 ++++----
0b2921
 lib/rpmvs.c       | 12 ++++++++++++
0b2921
 lib/rpmvs.h       |  3 +++
0b2921
 3 files changed, 19 insertions(+), 4 deletions(-)
0b2921
0b2921
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
0b2921
index 1ba72a45e..810f7153d 100644
0b2921
--- a/lib/rpmchecksig.c
0b2921
+++ b/lib/rpmchecksig.c
0b2921
@@ -187,11 +187,11 @@ rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd,
0b2921
     /* Finalize header range */
0b2921
     rpmvsFiniRange(vs, RPMSIG_HEADER);
0b2921
 
0b2921
-    /* Unless disabled, read the payload, generating digest(s) on the fly. */
0b2921
-    if (!(rpmvsFlags(vs) & RPMVSF_NEEDPAYLOAD)) {
0b2921
-	/* Fish interesting tags from the main header. This is a bit hacky... */
0b2921
-	rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST);
0b2921
+    /* Fish interesting tags from the main header. This is a bit hacky... */
0b2921
+    rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST);
0b2921
 
0b2921
+    /* If needed and not explicitly disabled, read the payload as well. */
0b2921
+    if (rpmvsRange(vs) & RPMSIG_PAYLOAD) {
0b2921
 	/* Initialize digests ranging over the payload only */
0b2921
 	rpmvsInitRange(vs, RPMSIG_PAYLOAD);
0b2921
 
0b2921
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
0b2921
index 622e48011..0d475af86 100644
0b2921
--- a/lib/rpmvs.c
0b2921
+++ b/lib/rpmvs.c
0b2921
@@ -396,6 +396,18 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range)
0b2921
     }
0b2921
 }
0b2921
 
0b2921
+int rpmvsRange(struct rpmvs_s *vs)
0b2921
+{
0b2921
+    int range = 0;
0b2921
+    for (int i = 0; i < vs->nsigs; i++) {
0b2921
+	if (rpmsinfoDisabled(&vs->sigs[i], vs->vsflags))
0b2921
+	    continue;
0b2921
+	range |= vs->sigs[i].range;
0b2921
+    }
0b2921
+
0b2921
+    return range;
0b2921
+}
0b2921
+
0b2921
 static int sinfoCmp(const void *a, const void *b)
0b2921
 {
0b2921
     const struct rpmsinfo_s *sa = a;
467d1d
--- rpm-4.14.3/lib/rpmvs.h.orig	2020-04-28 10:57:19.727347211 +0200
467d1d
+++ rpm-4.14.3/lib/rpmvs.h	2020-04-28 10:57:43.622612015 +0200
467d1d
@@ -66,6 +66,8 @@
467d1d
 
0b2921
 void rpmvsFiniRange(struct rpmvs_s *sis, int range);
0b2921
 
467d1d
+int rpmvsRange(struct rpmvs_s *vs); 
0b2921
+
0b2921
 int rpmvsVerify(struct rpmvs_s *sis, int type,
0b2921
                        rpmsinfoCb cb, void *cbdata);
467d1d
 
0b2921
-- 
0b2921
2.20.1