Tree - rpms/rpm - CentOS Git server

teknoraver / rpms / rpm

Forked from rpms/rpm 2 months ago

Source
Stats

Blame 0001-Skip-to-hashed-subpacket-data-directly.patch

Blob History Raw

Michal Domonkos	b08229	`From 331afbf2b6b32582b29ceadcd37b43a4f905b7f4 Mon Sep 17 00:00:00 2001`
Michal Domonkos	b08229	`From: Michal Domonkos <mdomonko@redhat.com>`
Michal Domonkos	b08229	`Date: Mon, 5 Aug 2024 14:40:57 +0200`
Michal Domonkos	b08229	`Subject: [PATCH] Skip to hashed subpacket data directly`
Michal Domonkos	b08229
Michal Domonkos	b08229	`Make OpenScanHub grok the bigger picture here, instead of producing a`
Michal Domonkos	b08229	`spurious overrun warning for v->hashlen when we're dereferencing p`
Michal Domonkos	b08229	`later.`
Michal Domonkos	b08229
Michal Domonkos	b08229	`No functional change.`
Michal Domonkos	b08229
Michal Domonkos	b08229	`Resolves: RHEL-22607`
Michal Domonkos	b08229	`---`
Michal Domonkos	b08229	`rpmio/rpmpgp.c \| 3 +--`
Michal Domonkos	b08229	`1 file changed, 1 insertion(+), 2 deletions(-)`
Michal Domonkos	b08229
Michal Domonkos	b08229	`diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c`
Michal Domonkos	b08229	`index d0688ebe9..6a7049954 100644`
Michal Domonkos	b08229	`--- a/rpmio/rpmpgp.c`
Michal Domonkos	b08229	`+++ b/rpmio/rpmpgp.c`
Michal Domonkos	b08229	`@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,`
Michal Domonkos	b08229	`pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);`
Michal Domonkos	b08229	`pgpPrtNL();`
Michal Domonkos	b08229
Michal Domonkos	b08229	`- p = &v->hashlen[0];`
Michal Domonkos	b08229	`if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))`
Michal Domonkos	b08229	`return 1;`
Michal Domonkos	b08229	`- p += sizeof(v->hashlen);`
Michal Domonkos	b08229	`+ p = h + sizeof(*v);`
Michal Domonkos	b08229
Michal Domonkos	b08229	`if ((p + plen) > (h + hlen))`
Michal Domonkos	b08229	`return 1;`
Michal Domonkos	b08229	`--`
Michal Domonkos	b08229	`2.45.2`
Michal Domonkos	b08229

teknoraver / rpms / rpm

Source Code

Blame 0001-Skip-to-hashed-subpacket-data-directly.patch