From ae9528bbef8b05883ae08ad345e4f945c04ad0ff Mon Sep 17 00:00:00 2001
From: Michal Domonkos
Date: Jul 11 2024 15:49:43 +0000
Subject: Don't confuse OpenScanHub with false array overrun
We are intentionally skipping just past the header here (see RFC 4880 for details) so make that explicit by moving the pointer relative to the header's start as opposed to relative to the pointer itself. This is equivalent to the previous expression but makes OpenScanHub happy.
Resolves: RHEL-22607
---
diff --git a/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch b/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
new file mode 100644
index 0000000..217597a
--- /dev/null
+++ b/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
@@ -0,0 +1,12 @@
+diff -up rpm-4.16.1.3/rpmio/rpmpgp.c.orig rpm-4.16.1.3/rpmio/rpmpgp.c
+--- rpm-4.16.1.3/rpmio/rpmpgp.c.orig 2024-07-11 13:20:04.872431485 +0200
++++ rpm-4.16.1.3/rpmio/rpmpgp.c 2024-07-11 13:20:33.828279453 +0200
+@@ -619,7 +619,7 @@ static int pgpPrtSig(pgpTag tag, const u
+ p = &v->hashlen[0];
+ if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
+ return 1;
+- p += sizeof(v->hashlen);
++ p = h + sizeof(v);
+
+ if ((p + plen) > (h + hlen))
+ return 1;
diff --git a/rpm.spec b/rpm.spec
index 108e55f..8a52d3c 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -133,6 +133,7 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
 Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
 Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
 Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
+Patch1003: rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
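Review bot: In the rpmio/rpmpgp.c hunk carried by the new patch file, the replacement line `p = h + sizeof(v);` takes the size of `v` itself, and the neighbouring `v->hashlen` accesses show that `v` is a pointer, so the offset becomes the platform's pointer width rather than the length of the signature header. The removed `p += sizeof(v->hashlen);` advanced from `&v->hashlen[0]` to the end of the `hashlen` field, so the two expressions agree only if that offset happens to equal the pointer width; the equivalence claimed in the commit message does not follow from the visible lines. Because `p` feeds the `(p + plen) > (h + hlen)` bounds check and, presumably, the subpacket parsing that continues outside the hunk, a shifted start would make signature data be read from the wrong offset, and differently on 32-bit and 64-bit builds. If `hashlen` is the last member of the structure `v` points to and that structure has no padding (its declaration is not in the hunk, so confirm), `p = h + sizeof(*v);` expresses the stated intent. A regression test that parses a known-good signature before and after the patch would catch the difference.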
@@ -664,6 +665,7 @@ fi
 * Thu Jul 11 2024 Michal Domonkos - 4.16.1.3-31
 - Fix potential use of uninitialized pipe array (RHEL-22604)
 - Fix potential use of uninitialized pgp struct (RHEL-22605)
+- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
 * Mon Jun 03 2024 Michal Domonkos - 4.16.1.3-30
 - Don't segfault on missing priority tag (RHEL-35249)