Don't confuse OpenScanHub with false array overrun, take II
We are intentionally skipping just past the header here (see RFC 4880 for details) so make that explicit by moving the pointer relative to the header's start as opposed to relative to the pointer itself. This is equivalent to the previous expression but makes OpenScanHub happy. Resolves: RHEL-22607
This commit is contained in:
Michal Domonkos
parent
671ef971c9
commit
b082297b5f
35
0001-Skip-to-hashed-subpacket-data-directly.patch
Normal file
35
0001-Skip-to-hashed-subpacket-data-directly.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 331afbf2b6b32582b29ceadcd37b43a4f905b7f4 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Domonkos <mdomonko@redhat.com>
|
||||
Date: Mon, 5 Aug 2024 14:40:57 +0200
|
||||
Subject: [PATCH] Skip to hashed subpacket data directly
|
||||
|
||||
Make OpenScanHub grok the bigger picture here, instead of producing a
|
||||
spurious overrun warning for v->hashlen when we're dereferencing p
|
||||
later.
|
||||
|
||||
No functional change.
|
||||
|
||||
Resolves: RHEL-22607
|
||||
---
|
||||
rpmio/rpmpgp.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
|
||||
index d0688ebe9..6a7049954 100644
|
||||
--- a/rpmio/rpmpgp.c
|
||||
+++ b/rpmio/rpmpgp.c
|
||||
@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
|
||||
pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
|
||||
pgpPrtNL();
|
||||
|
||||
- p = &v->hashlen[0];
|
||||
if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
|
||||
return 1;
|
||||
- p += sizeof(v->hashlen);
|
||||
+ p = h + sizeof(*v);
|
||||
|
||||
if ((p + plen) > (h + hlen))
|
||||
return 1;
|
||||
--
|
||||
2.45.2
|
||||
|
||||
4
rpm.spec
4
rpm.spec
@ -32,7 +32,7 @@
|
||||
|
||||
%global rpmver 4.16.1.3
|
||||
#global snapver rc1
|
||||
%global rel 32
|
||||
%global rel 33
|
||||
%global sover 9
|
||||
|
||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||
@ -136,6 +136,7 @@ Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
|
||||
Patch1001: rpm-4.16.1.3-find_debuginfo_vendor_opts.patch
|
||||
Patch1002: 0001-Macroize-find-debuginfo-script-location.patch
|
||||
Patch1003: 0001-Fix-root-relocation-regression.patch
|
||||
Patch1004: 0001-Skip-to-hashed-subpacket-data-directly.patch
|
||||
|
||||
# Partially GPL/LGPL dual-licensed and some bits with BSD
|
||||
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
|
||||
@ -666,6 +667,7 @@ fi
|
||||
%changelog
|
||||
* Mon Aug 05 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-33
|
||||
- Fix root relocation regression (RHEL-28967)
|
||||
- Don't confuse OpenScanHub with false array overrun (RHEL-22607)
|
||||
|
||||
* Fri Jul 12 2024 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-32
|
||||
- Revert incorrect fix for false array overrun (RHEL-22607)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user