From e219c9548d16a3c18dd261f7043bb8d221b87c77 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Wed, 31 Jul 2019 11:56:26 +0300
Subject: [PATCH] Fix off-by-one in hdrblobGet() making last entry unreachable
(RhBug:1722921)
hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763
and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko
(perhaps the idea was to skip the first, region tag) which causes
the last entry to be unreachable. In typical packages, that is
RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't
matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower
tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last,
unreachable and thus unverifiable. Oops.
This fixes the regression introduced in rpm 4.14, affecting verification
of large packages (ie having RPMSIG_LONGARCHIVESIZE)
---
lib/header.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
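diff --git a/lib/header.c b/lib/header.c
index 33623884a..9ec7ed0e4 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -2015,7 +2015,7 @@ rpmRC hdrblobGet(hdrblob blob, uint32_t tag, rpmtd td)
 memset(&einfo, 0, sizeof(einfo));
 rpmtdReset(td);
 
- for (int i = 1; i < blob->il; i++, pe++) {
+ for (int i = 0; i < blob->il; i++, pe++) {
 if (pe->tag != ntag)
 continue;
 ei2h(pe, &einfo);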
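Review bot: The corrected loop in hdrblobGet() carries no comment or regression test explaining why it must start at 0, and the commit message shows how easily `i = 1` was read as a deliberate skip of the region tag. Since the message says the old bound left RPMSIGTAG_MD5 or RPMSIGTAG_GPG unreachable and unverifiable in large packages, a later "cleanup" that restores it would quietly drop a signature or digest check. I would add a comment above the loop, e.g. `/* pe starts at the first index entry: scan all il entries, starting at 1 would make the last tag unreachable */`. I would also add a test that looks up the tag stored in the last index slot of a header carrying RPMSIG_LONGARCHIVESIZE. The function body starts and ends outside this hunk, so how `pe` is initialised and what is returned when the tag is not found should be confirmed there.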
--
2.21.0