RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  j...@rpm5.org
  Module: rpm                              Date:   04-Apr-2016 05:59:53
  Branch: rpm-5_4                          Handle: 2016040403595300

  Modified files:           (Branch: rpm-5_4)
    rpm/rpmio               rpmltc.c

  Log:
    - ltc: ensure that rpmltcMpiItem returns a useful error code.
    - ltc: turn verification asserts into a return code.

  Summary:
    Revision    Changes     Path
    1.2.4.15    +14 -5      rpm/rpmio/rpmltc.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/rpmio/rpmltc.c
  ============================================================================
  $ cvs diff -u -r1.2.4.14 -r1.2.4.15 rpmltc.c
  --- rpm/rpmio/rpmltc.c        17 Mar 2016 21:44:14 -0000      1.2.4.14
  +++ rpm/rpmio/rpmltc.c        4 Apr 2016 03:59:53 -0000       1.2.4.15
  @@ -397,12 +397,18 @@
       /* XXX &rc is where valid is returned: return code ususally CRYPT_OK */
       switch (pubp->pubkey_algo) {
       default:
  -assert(0);
  +     goto exit;
        break;
       case PGPPUBKEYALGO_RSA:
  -assert(ltc->hashIdx >= 0);
  +     if (ltc->hashIdx < 0
  +      || !ltc->c || mp_unsigned_bin_size(ltc->c) >= (int)sizeof(sig))
  +         goto exit;
        siglen = ltc->nbits/8;
  +     if (siglen > sizeof(sig))
  +         goto exit;
        nz = siglen - mp_unsigned_bin_size(ltc->c);
  +     if (nz > sizeof(sig))
  +         nz = 0;
        if (nz)         /* XXX resurrect leading zero bytes. */
            memset(sig, 0, nz);
        xx = mp_to_unsigned_bin(ltc->c, sig+nz);
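Review bot: In the RSA case, `if (nz > sizeof(sig)) nz = 0;` lets verification continue when the signature MPI is longer than the modulus length `siglen`, instead of rejecting it. `mp_to_unsigned_bin` then writes more than `siglen` bytes at `sig`; that stays inside the buffer because of the earlier size check, but the verify call that follows is presumably handed only `siglen` of them, so a malformed signature is checked in truncated form rather than refused. Failing closed is easier to reason about: `if ((unsigned long)mp_unsigned_bin_size(ltc->c) > siglen) goto exit;` before `nz` is computed. The declarations of `nz`, `siglen` and `sig` are outside the hunk, so the signedness of these comparisons should be confirmed there.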
  @@ -412,8 +418,8 @@
                        _padding, ltc->hashIdx, saltlen, &rc, &ltc->rsa));
        break;
       case PGPPUBKEYALGO_DSA:
  -assert(ltc->r && ltc->s);
  -assert(ltc->qbits);
  +     if (!(ltc->r && ltc->s && ltc->qbits))
  +         goto exit;
        /* XXX Truncate to qbits (if necessary) */
        dlen = (ltc->digestlen > ltc->qbits/8 ? ltc->qbits/8 : ltc->digestlen);
        xx = rpmltcErr(ltc, "dsa_verify_hash_raw",
  @@ -426,7 +432,8 @@
   #endif
        break;
       case PGPPUBKEYALGO_ECDSA:
  -assert(ltc->r && ltc->s);
  +     if (!(ltc->r && ltc->s && ltc->qbits))
  +         goto exit;
        xx = der_encode_sequence_multi(sig, &siglen,
                        LTC_ASN1_INTEGER, 1UL, ltc->r,
                        LTC_ASN1_INTEGER, 1UL, ltc->s,
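Review bot: The ECDSA guard now also requires `ltc->qbits`, which the removed `assert(ltc->r && ltc->s)` did not, and nothing in the visible lines of this case reads `qbits`. If `qbits` is only populated on the DSA path, every ECDSA signature would now be rejected without a diagnostic. The rest of the case is outside the hunk, so this needs checking there. If the extra condition is intentional, a comment saying why would help, e.g. `/* qbits is needed below to truncate the digest */`; otherwise `if (!(ltc->r && ltc->s)) goto exit;` keeps the original precondition.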
  @@ -437,6 +444,7 @@
        break;
       }
   
  +exit:
   SPEW(!rc, rc, dig);
       return rc;
   }
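Review bot: Every new `goto exit` in the RSA, DSA and ECDSA cases returns whatever `rc` holds at that point, and `rc` is also where the verify calls store the "valid" result. The reject paths are therefore fail-closed only if `rc` is 0 before the `switch`. That initialisation is above the hunk and should be confirmed, or made explicit with `rc = 0;` ahead of each `goto exit;`. The early exits are also silent where the asserts were loud, so a comment at the label such as `/* rc == 0: not verified; early exits reject malformed key/signature parameters */` would document the contract.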
  @@ -699,6 +707,7 @@
        nb = pgpMpiLen(p);
        rc = ecc_ansi_x963_import(p+2, nb-2, &ltc->ecdsa);
   assert(rc == CRYPT_OK);
  +     rc = 0;
        break;
       }
   
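Review bot: The `assert(rc == CRYPT_OK);` kept above the added `rc = 0;` still decides the outcome of importing an ECC point that comes from key material. In a debug build a malformed point aborts the process. With `NDEBUG` the assert disappears and `rc = 0;` overwrites the libtomcrypt error, so a failed `ecc_ansi_x963_import` is reported as success. Since the commit aims to return a useful error code, the import result should be mapped rather than asserted, e.g. `rc = (rc == CRYPT_OK) ? 0 : 1;` with the failure value adjusted to whatever this function's callers expect, which is not visible in the hunk.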
  @@ .
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
CVS Sources Repository                                rpm-cvs@rpm5.org
