RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 04-Apr-2016 05:59:53 Branch: rpm-5_4 Handle: 2016040403595300 Modified files: (Branch: rpm-5_4) rpm/rpmio rpmltc.c Log: - ltc: ensure that rpmltcMpiItem returns a useful error code. - ltc: turn verification asserts into a return code. Summary: Revision Changes Path 1.2.4.15 +14 -5 rpm/rpmio/rpmltc.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/rpmio/rpmltc.c ============================================================================ $ cvs diff -u -r1.2.4.14 -r1.2.4.15 rpmltc.c --- rpm/rpmio/rpmltc.c 17 Mar 2016 21:44:14 -0000 1.2.4.14 +++ rpm/rpmio/rpmltc.c 4 Apr 2016 03:59:53 -0000 1.2.4.15 @@ -397,12 +397,18 @@ /* XXX &rc is where valid is returned: return code ususally CRYPT_OK */ switch (pubp->pubkey_algo) { default: -assert(0); + goto exit; break; case PGPPUBKEYALGO_RSA: -assert(ltc->hashIdx >= 0); + if (ltc->hashIdx < 0 + || !ltc->c || mp_unsigned_bin_size(ltc->c) >= (int)sizeof(sig)) + goto exit; siglen = ltc->nbits/8; + if (siglen > sizeof(sig)) + goto exit; nz = siglen - mp_unsigned_bin_size(ltc->c); + if (nz > sizeof(sig)) + nz = 0; if (nz) /* XXX resurrect leading zero bytes. */ memset(sig, 0, nz); xx = mp_to_unsigned_bin(ltc->c, sig+nz); @@ -412,8 +418,8 @@ _padding, ltc->hashIdx, saltlen, &rc, <c->rsa)); break; case PGPPUBKEYALGO_DSA: -assert(ltc->r && ltc->s); -assert(ltc->qbits); + if (!(ltc->r && ltc->s && ltc->qbits)) + goto exit; /* XXX Truncate to qbits (if necessary) */ dlen = (ltc->digestlen > ltc->qbits/8 ? ltc->qbits/8 : ltc->digestlen); xx = rpmltcErr(ltc, "dsa_verify_hash_raw", @@ -426,7 +432,8 @@ #endif break; case PGPPUBKEYALGO_ECDSA: -assert(ltc->r && ltc->s); + if (!(ltc->r && ltc->s && ltc->qbits)) + goto exit; xx = der_encode_sequence_multi(sig, &siglen, LTC_ASN1_INTEGER, 1UL, ltc->r, LTC_ASN1_INTEGER, 1UL, ltc->s, @@ -437,6 +444,7 @@ break; } +exit: SPEW(!rc, rc, dig); return rc; } 
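Review bot: In the RSA case an MPI longer than `ltc->nbits/8` is clamped rather than rejected: the subtraction for `nz` goes out of range (it wraps or goes negative, depending on the type of `nz`, which is declared outside the hunk) and the new `if (nz > sizeof(sig)) nz = 0;` hides that. The bytes written to `sig` then exceed `siglen`, which is presumably the length handed to the verify call. A signature longer than the modulus is malformed, so I would fail right after the `siglen` bound check with `if (mp_unsigned_bin_size(ltc->c) > (int)siglen) goto exit;` and drop the clamp. Every new `goto exit` returns whatever `rc` holds at that point, and its initialisation is outside the hunk, so please confirm it starts as the "not valid" value so that all early exits fail closed. The `break;` left after `goto exit;` under `default:` is now unreachable.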
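Review bot: The DSA guard accepts any non-zero `ltc->qbits`, but values 1 to 7 make `ltc->qbits/8` zero, so `dlen` becomes 0 and the verify call would presumably be given an empty digest. Since qbits appears to come from the key being parsed, I would reject that case as well, for instance `if (!(ltc->r && ltc->s) || ltc->qbits < 8) goto exit;`. The same qbits test is added to the ECDSA case in the following hunk, where no use of qbits is visible. A one-line comment on why it is required there would help the next reader.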
@@ -699,6 +707,7 @@ nb = pgpMpiLen(p); rc = ecc_ansi_x963_import(p+2, nb-2, <c->ecdsa); assert(rc == CRYPT_OK); + rc = 0; break; } @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org
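Review bot: The added `rc = 0;` overwrites the result of `ecc_ansi_x963_import` unconditionally, while the only check on that result is still the `assert(rc == CRYPT_OK);` on the line before. With assertions compiled out (NDEBUG), a failed import of a malformed ECDSA point is therefore reported as success. With assertions enabled, the same input aborts the process, which is what the log message says this commit is moving away from. I would replace the assert with `if (rc != CRYPT_OK) break;` so that `rc` stays non-zero on failure and is reset to 0 only after a successful import. The exact failure value callers expect is set outside this hunk and should be matched. The enclosing switch and function start and end outside the hunk.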