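--- ./lib/header.c.orig 2011-10-19 15:08:41.000000000 +0000
+++ ./lib/header.c 2011-10-19 15:11:40.000000000 +0000
@@ -904,6 +904,10 @@ Header headerLoad(void * uh)
 h->indexUsed += ne;
 }
 }
+ rdlen += REGION_TAG_COUNT;
+ /* XXX should be equality test, but dribbles are sometimes a bit off? */
+ if (rdlen > dl)
+ goto errxit;
 }
 
 h->flags &= ~HEADERFLAG_SORTED;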
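Review bot: The new bound `if (rdlen > dl)` is evaluated only after the entries above it have been walked and `h->indexUsed` has been updated, so it rejects an inconsistent header after the fact. Whether the earlier per-entry processing is itself limited by `dl` cannot be seen from this hunk; if it is not, the comparison belongs before that work. The `>` test also accepts a header whose region data is shorter than the declared length, which the XXX comment concedes. I would replace that comment with one that states the invariant and the tolerated slack, for example `/* region data may not exceed dl; shorter is tolerated for legacy headers with trailing dribble */`. The declarations of `rdlen` and `dl` are outside the hunk, so if they are signed, a negative `rdlen` would pass this test and should be rejected explicitly; headerLoad's body starts and ends outside the hunk.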
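--- ./rpmio/rpmpgp.c.orig 2011-10-19 15:12:17.000000000 +0000
+++ ./rpmio/rpmpgp.c 2011-10-19 15:13:46.000000000 +0000
@@ -402,6 +402,8 @@ static int pgpPrtSubType(const uint8_t *
 
 while (hlen > 0) {
 i = pgpLen(p, &plen);
+ if (i + plen > hlen)
+ break;
 p += i;
 hlen -= i;
 
@@ -484,7 +486,7 @@ static int pgpPrtSubType(const uint8_t *
 p += plen;
 hlen -= plen;
 }
- return 0;
+ return (hlen != 0); /* non-zero hlen is an error */
 }
 
 static const char * const pgpSigRSA[] = {
@@ -608,7 +610,8 @@ fprintf(stderr, " hash[%zu] -- %s\n",
 _digp->hashlen = sizeof(*v) + plen;
 _digp->hash = memcpy(xmalloc(_digp->hashlen), v, _digp->hashlen);
 }
- (void) pgpPrtSubType(p, plen, v->sigtype, _digp);
+ if (pgpPrtSubType(p, plen, v->sigtype, _digp))
+ return 1;
 p += plen;
 
 plen = pgpGrab(p,2);
@@ -619,7 +622,8 @@ fprintf(stderr, " hash[%zu] -- %s\n",
 
 if (_debug && _print)
 fprintf(stderr, " unhash[%zu] -- %s\n", plen, pgpHexStr(p, plen));
- (void) pgpPrtSubType(p, plen, v->sigtype, _digp);
+ if (pgpPrtSubType(p, plen, v->sigtype, _digp))
+ return 1;
 p += plen;
 
 plen = pgpGrab(p,2);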
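Review bot: In the first hunk the guard `if (i + plen > hlen)` adds before it compares, so on builds where `plen` is 32 bits wide (its declaration is outside the hunk) a subpacket length near the type's maximum wraps the sum to a small value and passes, after which `hlen -= plen` underflows. Writing the test as `if (i > hlen || plen > hlen - i) break;` removes the addition. The call `i = pgpLen(p, &plen);` still runs before any bound is applied, so when fewer bytes remain than the length encoding needs it may read past the `hlen` bytes left; whether pgpLen limits its own reads is not visible here. In the last two hunks `plen = pgpGrab(p,2);` feeds `pgpPrtSubType(p, plen, ...)` with no visible check that `plen` fits in the remaining packet, so the new return-value test relies on the caller having validated that length. Both functions begin and end outside these hunks.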