195 lines
6.6 KiB
Diff
195 lines
6.6 KiB
Diff
From 495f25f7198fb1e0163a7ae55de55576d9dc6fe5 Mon Sep 17 00:00:00 2001
|
|
From: Panu Matilainen <pmatilai@redhat.com>
|
|
Date: Mon, 29 Nov 2021 14:01:39 +0200
|
|
Subject: [PATCH] Fix IMA signature lengths assumed constant (#1833,
|
|
RhBug:2018937)
|
|
|
|
At least ECDSA and RSA signatures can vary in length, but the IMA code
|
|
assumes constant lengths and thus may either place invalid signatures on
|
|
disk from either truncating or overshooting, and segfault if the stars are
|
|
just so.
|
|
|
|
Luckily the signatures are stored as strings so we can calculate the
|
|
actual lengths at runtime and ignore the stored constant length info.
|
|
Extend hex2bin() to optionally calculate the lengths and maximum,
|
|
and use these for returning IMA data from the rpmfi(les) API.
|
|
|
|
Additionally update the signing code to store the largest IMA signature
|
|
length rather than what happened to be last to be on the safe side.
|
|
We can't rely on this value due to invalid packages being out there,
|
|
but then we need to calculate the lengths on rpmfiles populate so there's
|
|
not a lot to gain anyhow.
|
|
|
|
Fixes: #1833
|
|
|
|
Combined with 0c1ad364d65c4144ff71c376e0b49fbc322b686d and backported
|
|
for 4.16.1.3. Note that the test case has been removed due to it
|
|
including a binary file (test package) for which we'd have to use -Sgit
|
|
with %autopatch and thus depend on git-core at build time.
|
|
Nevertheless, we do have this BZ covered in our internal test suite, so
|
|
no need for it anyway.
|
|
---
|
|
lib/rpmfi.c | 43 ++++++++++++++++++++++++++++++++++---------
|
|
python/rpmfiles-py.c | 18 ++++++++++++++++++
|
|
sign/rpmsignfiles.c | 5 ++++-
|
|
3 files changed, 56 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
|
|
index af428468c..0878d78f2 100644
|
|
--- a/lib/rpmfi.c
|
|
+++ b/lib/rpmfi.c
|
|
@@ -115,7 +115,8 @@ struct rpmfiles_s {
|
|
struct fingerPrint_s * fps; /*!< File fingerprint(s). */
|
|
|
|
int digestalgo; /*!< File digest algorithm */
|
|
- int signaturelength; /*!< File signature length */
|
|
+ int *signaturelengths; /*!< File signature length */
|
|
+ int signaturemaxlen; /*!< Largest file signature length */
|
|
unsigned char * digests; /*!< File digests in binary. */
|
|
unsigned char * signatures; /*!< File signatures in binary. */
|
|
|
|
@@ -575,9 +576,9 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len)
|
|
|
|
if (fi != NULL && ix >= 0 && ix < rpmfilesFC(fi)) {
|
|
if (fi->signatures != NULL)
|
|
- signature = fi->signatures + (fi->signaturelength * ix);
|
|
+ signature = fi->signatures + (fi->signaturemaxlen * ix);
|
|
if (len)
|
|
- *len = fi->signaturelength;
|
|
+ *len = fi->signaturelengths[ix];
|
|
}
|
|
return signature;
|
|
}
|
|
@@ -1257,6 +1258,7 @@ rpmfiles rpmfilesFree(rpmfiles fi)
|
|
fi->flangs = _free(fi->flangs);
|
|
fi->digests = _free(fi->digests);
|
|
fi->signatures = _free(fi->signatures);
|
|
+ fi->signaturelengths = _free(fi->signaturelengths);
|
|
fi->fcaps = _free(fi->fcaps);
|
|
|
|
fi->cdict = _free(fi->cdict);
|
|
@@ -1486,15 +1488,38 @@ err:
|
|
}
|
|
|
|
/* Convert a tag of hex strings to binary presentation */
|
|
-static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len)
|
|
+/* If lengths is non-NULL, assume variable length strings */
|
|
+static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len,
|
|
+ int **lengths, int *maxlen)
|
|
{
|
|
struct rpmtd_s td;
|
|
uint8_t *bin = NULL;
|
|
|
|
if (headerGet(h, tag, &td, HEADERGET_MINMEM) && rpmtdCount(&td) == num) {
|
|
- uint8_t *t = bin = xmalloc(num * len);
|
|
const char *s;
|
|
|
|
+ /* Figure string sizes + max length for allocation purposes */
|
|
+ if (lengths) {
|
|
+ int maxl = 0;
|
|
+ int *lens = xmalloc(num * sizeof(*lens));
|
|
+ int i = 0;
|
|
+
|
|
+ while ((s = rpmtdNextString(&td))) {
|
|
+ lens[i] = strlen(s) / 2;
|
|
+ if (lens[i] > maxl)
|
|
+ maxl = lens[i];
|
|
+ i++;
|
|
+ }
|
|
+
|
|
+ *lengths = lens;
|
|
+ *maxlen = maxl;
|
|
+ len = maxl;
|
|
+
|
|
+ /* Reinitialize iterator for next round */
|
|
+ rpmtdInit(&td);
|
|
+ }
|
|
+
|
|
+ uint8_t *t = bin = xmalloc(num * len);
|
|
while ((s = rpmtdNextString(&td))) {
|
|
if (*s == '\0') {
|
|
memset(t, 0, len);
|
|
@@ -1570,15 +1595,15 @@ static int rpmfilesPopulate(rpmfiles fi, Header h, rpmfiFlags flags)
|
|
/* grab hex digests from header and store in binary format */
|
|
if (!(flags & RPMFI_NOFILEDIGESTS)) {
|
|
size_t diglen = rpmDigestLength(fi->digestalgo);
|
|
- fi->digests = hex2bin(h, RPMTAG_FILEDIGESTS, totalfc, diglen);
|
|
+ fi->digests = hex2bin(h, RPMTAG_FILEDIGESTS, totalfc, diglen,
|
|
+ NULL, NULL);
|
|
}
|
|
|
|
fi->signatures = NULL;
|
|
/* grab hex signatures from header and store in binary format */
|
|
if (!(flags & RPMFI_NOFILESIGNATURES)) {
|
|
- fi->signaturelength = headerGetNumber(h, RPMTAG_FILESIGNATURELENGTH);
|
|
- fi->signatures = hex2bin(h, RPMTAG_FILESIGNATURES,
|
|
- totalfc, fi->signaturelength);
|
|
+ fi->signatures = hex2bin(h, RPMTAG_FILESIGNATURES, totalfc, 0,
|
|
+ &fi->signaturelengths, &fi->signaturemaxlen);
|
|
}
|
|
|
|
/* XXX TR_REMOVED doesn;t need fmtimes, frdevs, finodes */
|
|
diff --git a/python/rpmfiles-py.c b/python/rpmfiles-py.c
|
|
index 27666021d..48189a0ac 100644
|
|
--- a/python/rpmfiles-py.c
|
|
+++ b/python/rpmfiles-py.c
|
|
@@ -152,6 +152,22 @@ static PyObject *rpmfile_digest(rpmfileObject *s)
|
|
Py_RETURN_NONE;
|
|
}
|
|
|
|
+static PyObject *bytebuf(const unsigned char *buf, size_t len)
|
|
+{
|
|
+ if (buf) {
|
|
+ PyObject *o = PyBytes_FromStringAndSize((const char *)buf, len);
|
|
+ return o;
|
|
+ }
|
|
+ Py_RETURN_NONE;
|
|
+}
|
|
+
|
|
+static PyObject *rpmfile_imasig(rpmfileObject *s)
|
|
+{
|
|
+ size_t len = 0;
|
|
+ const unsigned char *sig = rpmfilesFSignature(s->files, s->ix, &len);
|
|
+ return bytebuf(sig, len);
|
|
+}
|
|
+
|
|
static PyObject *rpmfile_class(rpmfileObject *s)
|
|
{
|
|
return utf8FromString(rpmfilesFClass(s->files, s->ix));
|
|
@@ -278,6 +294,8 @@ static PyGetSetDef rpmfile_getseters[] = {
|
|
"language the file provides (typically for doc files)" },
|
|
{ "caps", (getter) rpmfile_caps, NULL,
|
|
"file capabilities" },
|
|
+ { "imasig", (getter) rpmfile_imasig, NULL,
|
|
+ "IMA signature" },
|
|
{ NULL, NULL, NULL, NULL }
|
|
};
|
|
|
|
diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c
|
|
index b143c5b9b..6f39db6be 100644
|
|
--- a/sign/rpmsignfiles.c
|
|
+++ b/sign/rpmsignfiles.c
|
|
@@ -98,8 +98,9 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
|
|
td.count = 1;
|
|
|
|
while (rpmfiNext(fi) >= 0) {
|
|
+ uint32_t slen;
|
|
digest = rpmfiFDigest(fi, NULL, NULL);
|
|
- signature = signFile(algoname, digest, diglen, key, keypass, &siglen);
|
|
+ signature = signFile(algoname, digest, diglen, key, keypass, &slen);
|
|
if (!signature) {
|
|
rpmlog(RPMLOG_ERR, _("signFile failed\n"));
|
|
goto exit;
|
|
@@ -110,6 +111,8 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
|
|
goto exit;
|
|
}
|
|
signature = _free(signature);
|
|
+ if (slen > siglen)
|
|
+ siglen = slen;
|
|
}
|
|
|
|
if (siglen > 0) {
|
|
--
|
|
2.33.1
|
|
|