> On Mar 4, 2017, at 4:17 AM, Jakub Bogusz <qbo...@pld-linux.org> wrote:
>>
>> The variable il is derived and may be tainted, while off and nb are de facto
>> positioning within the header memory blob. And yes, it may not matter.
>
> il is already used earlier to calculate dataStart. And length of the
> whole data (pvlen).
>
Yes. Please note "And yes, it may not matter." I'm absolutely sure your analysis is sound, just perhaps there is more to do.

>> Meanwhile the entire issue is rather obscure, and only testing will tell.
>> Is there any information about what headers are failing headerCopyLoad()?
>> If those headers are public keys, then the real flaw is elsewhere, wrapping
>> a public key within an immutable region, with an appended SHA1.
>
> No, these are two packages.
> I'm attaching whole db data of one of them (partially described by me
> during investigation).
>

Thank you. Please be patient while I do forensics to understand where the regression/flaw entered into 5.4.17.

For starters (after reading the dump; decoding the hex is next):

There is no appended signature tag in the dump you sent. That basically means that those headers were not produced by any version of RPM5 in the last 5-6 years: all headers are signed, and some signature tag SHOULD have been appended. I will know more from examining RPMTAG_RPMVERSION and other build tracking tags …

… it will take a bit of digging to find the root cause.

Meanwhile, by all means, apply your patch if it works for PLD. I'm just trying not to flip-flop-flip-flop patches upstream until I understand fully what the problem is and what needs to be done.

hth

73 de Jeff

_______________________________________________
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
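The thread above turns on whether the tainted index count il is bounded before it is used to derive dataStart and pvlen in headerCopyLoad(), and whether the per-entry off and nb then stay inside the header blob. As an added illustration (example code written for this page, not RPM5's or PLD's code and not the patch under discussion), the following C validates an RPM-style header blob in the order a loader has to: the intro fields il and dl first, with the total length computed in 64-bit arithmetic so a large il cannot wrap pvlen, then every entry's type, off and nb = count * element size against the data region, including NUL termination for string types. The blob layout (big-endian il, dl, 16-byte {tag, type, offset, count} index entries, then dl bytes of data) follows the public RPM header format; the caps HDR_MAX_IL/HDR_MAX_DL, the error codes, the helper names and the test blobs are this example's own assumptions, constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed layout (the blob RPM's headerLoad()/headerCopyLoad() consume):
 *   uint32 il (entry count, big-endian), uint32 dl (data length, big-endian),
 *   il * 16-byte index entries {tag, type, offset, count} as big-endian int32,
 *   then dl bytes of data.  The caps below are this example's choice, not RPM's. */
#define HDR_INTRO   8u
#define HDR_ENTRY   16u
#define HDR_MAX_IL  0x0000ffffu
#define HDR_MAX_DL  0x0fffffffu

enum { HDR_OK = 0, HDR_ERR_SHORT = -1, HDR_ERR_IL = -2, HDR_ERR_DL = -3,
       HDR_ERR_PVLEN = -4, HDR_ERR_TYPE = -5, HDR_ERR_RANGE = -6 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Element size per RPM tag type; 0 marks the NUL-terminated string types. */
static size_t type_size(uint32_t type) {
    switch (type) {
    case 1: case 2: case 7: return 1;  /* CHAR, INT8, BIN */
    case 3: return 2;                  /* INT16 */
    case 4: return 4;                  /* INT32 */
    case 5: return 8;                  /* INT64 */
    case 6: case 8: case 9: return 0;  /* STRING, STRING_ARRAY, I18NSTRING */
    default: return (size_t)-1;        /* NULL type or unknown: reject */
    }
}

/* Check every length and offset the blob asserts about itself before any of
 * them is used to address memory.  Returns HDR_OK or an HDR_ERR_* code. */
int header_validate(const uint8_t *blob, size_t blob_len) {
    if (blob_len < HDR_INTRO) return HDR_ERR_SHORT;
    uint32_t il = be32(blob), dl = be32(blob + 4);
    if (il == 0 || il > HDR_MAX_IL) return HDR_ERR_IL;
    if (dl > HDR_MAX_DL) return HDR_ERR_DL;
    /* Widen first: a tainted il must not be able to wrap pvlen in 32 bits. */
    uint64_t pvlen = (uint64_t)HDR_INTRO + (uint64_t)il * HDR_ENTRY + dl;
    if (pvlen != blob_len) return HDR_ERR_PVLEN;

    const uint8_t *pe = blob + HDR_INTRO;                 /* first index entry */
    const uint8_t *data = pe + (size_t)il * HDR_ENTRY;    /* dataStart */
    const uint8_t *end = data + dl;
    for (uint32_t i = 0; i < il; i++, pe += HDR_ENTRY) {
        uint32_t type = be32(pe + 4), off = be32(pe + 8), count = be32(pe + 12);
        size_t esz = type_size(type);
        if (esz == (size_t)-1) return HDR_ERR_TYPE;
        if (count == 0 || off >= dl) return HDR_ERR_RANGE;
        if (esz) {                  /* fixed-size types: nb = count * esz bytes */
            if ((uint64_t)count * esz > (uint64_t)(dl - off)) return HDR_ERR_RANGE;
        } else {                    /* string types: each NUL must lie before end */
            const uint8_t *p = data + off;
            for (uint32_t n = 0; n < count; n++) {
                const uint8_t *nul = memchr(p, 0, (size_t)(end - p));
                if (nul == NULL) return HDR_ERR_RANGE;
                p = nul + 1;
            }
        }
    }
    return HDR_OK;
}

/* Constructed test blob (not from any real package): one STRING entry
 * (tag 1000, type 6, count 1) and a 4-byte data region filled from s. */
static size_t make_blob(uint8_t *out, uint32_t il, uint32_t off, const char *s) {
    uint32_t dl = 4;
    put32(out, il); put32(out + 4, dl);
    put32(out + 8, 1000); put32(out + 12, 6); put32(out + 16, off); put32(out + 20, 1);
    memcpy(out + 24, s, dl);
    return HDR_INTRO + HDR_ENTRY + dl;   /* the real blob size; il may lie about it */
}
static int run(uint32_t il, uint32_t off, const char *s) {
    uint8_t b[28];
    return header_validate(b, make_blob(b, il, off, s));
}

int demo_valid(void)        { return run(1, 0, "pkg"); }           /* HDR_OK */
int demo_wrapped_il(void)   { return run(0x10000000u, 0, "pkg"); } /* HDR_ERR_IL */
int demo_bad_offset(void)   { return run(1, 8, "pkg"); }           /* HDR_ERR_RANGE */
int demo_unterminated(void) { return run(1, 0, "pkgx"); }          /* HDR_ERR_RANGE */
```

demo_wrapped_il() is the case the thread worries about: with il = 0x10000000, il * 16 is exactly 2^32 and wraps to 0 in 32-bit arithmetic, so a naive pvlen would come out as 12 bytes and pass a length comparison against a 12-byte buffer. Here the cap on il rejects it before the multiplication, and the 64-bit pvlen would reject it even without the cap. The other two demos show off and nb being checked against dl rather than against the whole blob, which is the "positioning within the header memory blob" distinction made above.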