Don't confuse OpenScanHub with false array overrun

We are intentionally skipping just past the header here (see RFC 4880 for details) so make that explicit by moving the pointer relative to the header's start as opposed to relative to the pointer itself. This is equivalent to the previous expression but makes OpenScanHub happy. Resolves: RHEL-22607
2024-07-11 13:32:28 +02:00 · 2024-07-11 13:32:28 +02:00 · ae9528bbef
commit ae9528bbef
parent e0ff81088a
2 changed files with 14 additions and 0 deletions
--- a/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
+++ b/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
@ -0,0 +1,12 @@
+diff -up rpm-4.16.1.3/rpmio/rpmpgp.c.orig rpm-4.16.1.3/rpmio/rpmpgp.c
+--- rpm-4.16.1.3/rpmio/rpmpgp.c.orig	2024-07-11 13:20:04.872431485 +0200
+++ rpm-4.16.1.3/rpmio/rpmpgp.c	2024-07-11 13:20:33.828279453 +0200
+@@ -619,7 +619,7 @@ static int pgpPrtSig(pgpTag tag, const u
+ 	p = &v->hashlen[0];
+ 	if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
+ 	    return 1;
+-	p += sizeof(v->hashlen);
+	p = h + sizeof(v);
+ 
+ 	if ((p + plen) > (h + hlen))
+ 	    return 1;
--- a/rpm.spec
+++ b/rpm.spec
@ -133,6 +133,7 @@ Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
 Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
 Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
 Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
+Patch1003: rpm-4.16.1.3-pgp-explicit-pointer-increment.patch

 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
@ -664,6 +665,7 @@ fi
 * Thu Jul 11 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-31
 - Fix potential use of uninitialized pipe array (RHEL-22604)
 - Fix potential use of uninitialized pgp struct (RHEL-22605)
+- Don't confuse OpenScanHub with false array overrun (RHEL-22607)

 * Mon Jun 03 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-30
 - Don't segfault on missing priority tag (RHEL-35249)