From b082297b5feb0d7903706aa0417118981f512a59 Mon Sep 17 00:00:00 2001
From: Michal Domonkos
Date: Aug 05 2024 14:26:24 +0000
Subject: Don't confuse OpenScanHub with false array overrun, take II

We are intentionally skipping just past the header here (see RFC 4880 for details) so make that explicit by moving the pointer relative to the header's start as opposed to relative to the pointer itself. This is equivalent to the previous expression but makes OpenScanHub happy.

Resolves: RHEL-22607
---
diff --git a/0001-Skip-to-hashed-subpacket-data-directly.patch b/0001-Skip-to-hashed-subpacket-data-directly.patch
new file mode 100644
index 0000000..f0eaf1f
--- /dev/null
+++ b/0001-Skip-to-hashed-subpacket-data-directly.patch
@@ -0,0 +1,35 @@
+From 331afbf2b6b32582b29ceadcd37b43a4f905b7f4 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos
+Date: Mon, 5 Aug 2024 14:40:57 +0200
+Subject: [PATCH] Skip to hashed subpacket data directly
+
+Make OpenScanHub grok the bigger picture here, instead of producing a
+spurious overrun warning for v->hashlen when we're dereferencing p
+later.
+
+No functional change.
+
+Resolves: RHEL-22607
+---
+ rpmio/rpmpgp.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index d0688ebe9..6a7049954 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
+ pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
+ pgpPrtNL();
+ 
+- p = &v->hashlen[0];
+ if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
+ return 1;
+- p += sizeof(v->hashlen);
++ p = h + sizeof(*v);
+ 
+ if ((p + plen) > (h + hlen))
+ return 1;
+-- 
+2.45.2
+
diff --git a/rpm.spec b/rpm.spec
index 13f3ec5..97a9cb2 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -32,7 +32,7 @@
 
 %global rpmver 4.16.1.3
 #global snapver rc1
-%global rel 32
+%global rel 33
 %global sover 9
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
 
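Review bot: The new `p = h + sizeof(*v);` is equivalent to the removed `&v->hashlen[0] + sizeof(v->hashlen)` only as long as `hashlen` is the last member of `*v` and the struct has no trailing padding, and nothing in the hunk pins that down (the struct type behind `v` is not visible here); anyone who later appends a field to that header struct would silently move `p` past the start of the hashed subpacket data. Since the stated purpose of the change is to make the intent explicit, I would say so at the assignment, e.g. `/* RFC 4880 5.2.3.1: hashed subpacket data starts right after the fixed v4 header; relies on hashlen being the last field of *v */`, or pin it with a `_Static_assert` that `offsetof` of `hashlen` plus `sizeof(v->hashlen)` equals `sizeof(*v)`, if the project's C level allows it. The following `(p + plen) > (h + hlen)` check, unchanged here, first forms a pointer `plen` bytes past `p` and only then compares it; if `hlen >= sizeof(*v)` is not already guaranteed earlier in the function, `if (hlen < sizeof(*v) || plen > hlen - sizeof(*v)) return 1;` would avoid both the out-of-range pointer and a read of `v->hashlen` from a truncated header. pgpPrtSig's body begins and ends outside the hunk.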
@@ -136,6 +136,7 @@ Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
 Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
 Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
 Patch1003: 0001-Fix-root-relocation-regression.patch
+Patch1004: 0001-Skip-to-hashed-subpacket-data-directly.patch
 
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@@ -666,6 +667,7 @@ fi
 %changelog
 * Mon Aug 05 2024 Michal Domonkos - 4.16.1.3-33
 - Fix root relocation regression (RHEL-28967)
+- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
 
 * Fri Jul 12 2024 Michal Domonkos - 4.16.1.3-32
 - Revert incorrect fix for false array overrun (RHEL-22607)