rpms/rpm
7
0
Fork 0
Code Issues Pull Requests Releases Activity
b082297b5f
rpm/0001-Skip-to-hashed-subpacket-data-directly.patch

36 lines
953 B
Diff
Raw Normal View History

Don't confuse OpenScanHub with false array overrun, take II We are intentionally skipping just past the header here (see RFC 4880 for details) so make that explicit by moving the pointer relative to the header's start as opposed to relative to the pointer itself. This is equivalent to the previous expression but makes OpenScanHub happy. Resolves: RHEL-22607
2024-07-11 11:32:28 +00:00
From 331afbf2b6b32582b29ceadcd37b43a4f905b7f4 Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Mon, 5 Aug 2024 14:40:57 +0200
Subject: [PATCH] Skip to hashed subpacket data directly
Make OpenScanHub grok the bigger picture here, instead of producing a
spurious overrun warning for v->hashlen when we're dereferencing p
later.
No functional change.
Resolves: RHEL-22607
---
rpmio/rpmpgp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index d0688ebe9..6a7049954 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
pgpPrtNL();
- p = &v->hashlen[0];
if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
return 1;
- p += sizeof(v->hashlen);
+ p = h + sizeof(*v);
if ((p + plen) > (h + hlen))
return 1;
--
2.45.2
Reference in New Issue Copy Permalink