michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame SOURCES/0001-Only-read-through-payload-on-verify-if-actually-need.patch

83a7c7
From 362c4401979f896de1e69a3e18d33954953912cc Mon Sep 17 00:00:00 2001
83a7c7
Message-Id: <362c4401979f896de1e69a3e18d33954953912cc.1554983588.git.pmatilai@redhat.com>
83a7c7
From: Panu Matilainen <pmatilai@redhat.com>
83a7c7
Date: Tue, 11 Dec 2018 13:21:47 +0200
83a7c7
Subject: [PATCH] Only read through payload on verify if actually needed
83a7c7
83a7c7
If none of our verify items ranges over the payload, then why bother?
83a7c7
83a7c7
To do this, add an internal rpmvs API to get it's range, and use
83a7c7
that to decide whether trip over the payload is needed or not.
83a7c7
In addition, the payload digest tag needs to be grabbed outside of the
83a7c7
condition to avoid depending on other values. The details including
83a7c7
RPMVSF_NEEDPAYLOAD will be handled internally to rpmvs which makes it
83a7c7
actually nicer code-wise too.
83a7c7
---
83a7c7
 lib/rpmchecksig.c |  8 ++++----
83a7c7
 lib/rpmvs.c       | 12 ++++++++++++
83a7c7
 lib/rpmvs.h       |  3 +++
83a7c7
 3 files changed, 19 insertions(+), 4 deletions(-)
83a7c7
83a7c7
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
83a7c7
index 1ba72a45e..810f7153d 100644
83a7c7
--- a/lib/rpmchecksig.c
83a7c7
+++ b/lib/rpmchecksig.c
83a7c7
@@ -187,11 +187,11 @@ rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd,
83a7c7
     /* Finalize header range */
83a7c7
     rpmvsFiniRange(vs, RPMSIG_HEADER);
83a7c7
 
83a7c7
-    /* Unless disabled, read the payload, generating digest(s) on the fly. */
83a7c7
-    if (!(rpmvsFlags(vs) & RPMVSF_NEEDPAYLOAD)) {
83a7c7
-	/* Fish interesting tags from the main header. This is a bit hacky... */
83a7c7
-	rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST);
83a7c7
+    /* Fish interesting tags from the main header. This is a bit hacky... */
83a7c7
+    rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST);
83a7c7
 
83a7c7
+    /* If needed and not explicitly disabled, read the payload as well. */
83a7c7
+    if (rpmvsRange(vs) & RPMSIG_PAYLOAD) {
83a7c7
 	/* Initialize digests ranging over the payload only */
83a7c7
 	rpmvsInitRange(vs, RPMSIG_PAYLOAD);
83a7c7
 
83a7c7
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
83a7c7
index 622e48011..0d475af86 100644
83a7c7
--- a/lib/rpmvs.c
83a7c7
+++ b/lib/rpmvs.c
83a7c7
@@ -396,6 +396,18 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range)
83a7c7
     }
83a7c7
 }
83a7c7
 
83a7c7
+int rpmvsRange(struct rpmvs_s *vs)
83a7c7
+{
83a7c7
+    int range = 0;
83a7c7
+    for (int i = 0; i < vs->nsigs; i++) {
83a7c7
+	if (rpmsinfoDisabled(&vs->sigs[i], vs->vsflags))
83a7c7
+	    continue;
83a7c7
+	range |= vs->sigs[i].range;
83a7c7
+    }
83a7c7
+
83a7c7
+    return range;
83a7c7
+}
83a7c7
+
83a7c7
 static int sinfoCmp(const void *a, const void *b)
83a7c7
 {
83a7c7
     const struct rpmsinfo_s *sa = a;
b7b8f7
--- rpm-4.14.3/lib/rpmvs.h.orig	2020-04-28 10:57:19.727347211 +0200
b7b8f7
+++ rpm-4.14.3/lib/rpmvs.h	2020-04-28 10:57:43.622612015 +0200
b7b8f7
@@ -66,6 +66,8 @@
b7b8f7
 
83a7c7
 void rpmvsFiniRange(struct rpmvs_s *sis, int range);
83a7c7
 
b7b8f7
+int rpmvsRange(struct rpmvs_s *vs); 
83a7c7
+
83a7c7
 int rpmvsVerify(struct rpmvs_s *sis, int type,
83a7c7
                        rpmsinfoCb cb, void *cbdata);
b7b8f7
 
83a7c7
-- 
83a7c7
2.20.1