rpm/rpm-4.16.1.3-pgp-explicit-pointer-increment.patch
Michal Domonkos ae9528bbef Don't confuse OpenScanHub with false array overrun
We are intentionally skipping just past the header here (see RFC 4880
for details) so make that explicit by moving the pointer relative to the
header's start as opposed to relative to the pointer itself.

This is equivalent to the previous expression but makes OpenScanHub
happy.

Resolves: RHEL-22607
2024-07-11 17:49:43 +02:00


diff -up rpm-4.16.1.3/rpmio/rpmpgp.c.orig rpm-4.16.1.3/rpmio/rpmpgp.c
--- rpm-4.16.1.3/rpmio/rpmpgp.c.orig 2024-07-11 13:20:04.872431485 +0200
+++ rpm-4.16.1.3/rpmio/rpmpgp.c 2024-07-11 13:20:33.828279453 +0200
@@ -619,7 +619,7 @@ static int pgpPrtSig(pgpTag tag, const u
p = &v->hashlen[0];
if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
return 1;
- p += sizeof(v->hashlen);
+ p = h + sizeof(v);
if ((p + plen) > (h + hlen))
return 1;
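
Review bot: `sizeof(v)` on the added line measures the pointer, not the header. `v` is dereferenced with `->` in the context lines (`v->hashlen`), so `p = h + sizeof(v);` advances by the platform's pointer size rather than by the size of the structure `v` points to. If the intent stated in the commit message is to land just past the header, this should read `p = h + sizeof(*v);`. Even then, the equivalence with the removed `p += sizeof(v->hashlen);` holds only if `hashlen` is the last member of that structure and `v` aliases `h`; neither is visible in this hunk, so a short comment saying so would help. The bounds check `(p + plen) > (h + hlen)` that follows depends on `p`, so an offset that is a few bytes off changes which packets pass it and where later parsing starts. The context line `p = &v->hashlen[0];` also becomes a dead store once `p` is reassigned from `h` and can be dropped.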