I stubbed my toe on this link today:
https://blog.fuzzing-project.org/52-Multiple-vulnerabilities-in-RPM-and-a-rant.html
So I ran the 5 rpm’s posted at the link through rpm in CVS:
$ ../rpm --version
lt-rpm (RPM) 5.4.18
(where afaik *.rpm package reading is identical to released rpm-5.4.17).
The results are below: all PASS.
Disclaimer: this post doesn’t claim anything other than what is written.
73 de Jeff
================================================
--> /X/src/wdj54/rpm --rpmpopt=/X/src/wdj54/rpmpopt
--macros=/X/src/wdj54/macros/macros:/X/src/wdj54/tests/macros -qvvp
FUZZRPMS/rpm-heap-oob-read-headerVerifyInfo.rpm
D: pool fd: created size 392 limit -1 flags 0
D: pool lua: created size 64 limit -1 flags 0
D: pool ts: created size 1200 limit -1 flags 0
D: pool gi: created size 176 limit -1 flags 0
D: pool dig: created size 424 limit -1 flags 0
error: FUZZRPMS/rpm-heap-oob-read-headerVerifyInfo.rpm: Signature: sigh tags:
BAD, no. of tags(0) out of range
D: pool iob: created size 48 limit -1 flags 0
D: === #2 rc(1) adding 0 args from manifest:
FUZZRPMS/rpm-heap-oob-read-headerVerifyInfo.rpm
D: pool tsi: created size 48 limit -1 flags 0
D: pool gi: reused 0, alloc'd 1, free'd 1 items.
D: pool tsi: reused 3, alloc'd 1, free'd 1 items.
D: pool ts: reused 0, alloc'd 1, free'd 1 items.
D: pool lua: reused 0, alloc'd 1, free'd 1 items.
D: pool iob: reused 0, alloc'd 1, free'd 1 items.
D: pool dig: reused 0, alloc'd 1, free'd 1 items.
D: pool fd: reused 6, alloc'd 2, free'd 2 items.
D: exit code: 0
--> /X/src/wdj54/rpm --rpmpopt=/X/src/wdj54/rpmpopt
--macros=/X/src/wdj54/macros/macros:/X/src/wdj54/tests/macros -qvvp
FUZZRPMS/rpm-heap-oob-read-rpmtdGetNumber.rpm
D: pool fd: created size 392 limit -1 flags 0
D: pool lua: created size 64 limit -1 flags 0
D: pool ts: created size 1200 limit -1 flags 0
D: pool gi: created size 176 limit -1 flags 0
D: pool dig: created size 424 limit -1 flags 0
error: FUZZRPMS/rpm-heap-oob-read-rpmtdGetNumber.rpm: Signature: sigh tag[0]:
BAD, tag 2147483917 type 6 offset 0 count 1
D: pool iob: created size 48 limit -1 flags 0
D: === #2 rc(1) adding 0 args from manifest:
FUZZRPMS/rpm-heap-oob-read-rpmtdGetNumber.rpm
D: pool tsi: created size 48 limit -1 flags 0
D: pool gi: reused 0, alloc'd 1, free'd 1 items.
D: pool tsi: reused 3, alloc'd 1, free'd 1 items.
D: pool ts: reused 0, alloc'd 1, free'd 1 items.
D: pool lua: reused 0, alloc'd 1, free'd 1 items.
D: pool iob: reused 0, alloc'd 1, free'd 1 items.
D: pool dig: reused 0, alloc'd 1, free'd 1 items.
D: pool fd: reused 6, alloc'd 2, free'd 2 items.
D: exit code: 0
--> /X/src/wdj54/rpm --rpmpopt=/X/src/wdj54/rpmpopt
--macros=/X/src/wdj54/macros/macros:/X/src/wdj54/tests/macros -qvvp
FUZZRPMS/rpm-nullptr-rpmtdFormat.rpm
D: pool fd: created size 392 limit -1 flags 0
D: pool lua: created size 64 limit -1 flags 0
D: pool ts: created size 1200 limit -1 flags 0
D: pool gi: created size 176 limit -1 flags 0
D: pool dig: created size 424 limit -1 flags 0
error: FUZZRPMS/rpm-nullptr-rpmtdFormat.rpm: Signature: day[0]: BAD, tag
808464432 type 7 offset 48 count 16
D: pool iob: created size 48 limit -1 flags 0
D: === #2 rc(1) adding 0 args from manifest:
FUZZRPMS/rpm-nullptr-rpmtdFormat.rpm
D: pool tsi: created size 48 limit -1 flags 0
D: pool gi: reused 0, alloc'd 1, free'd 1 items.
D: pool tsi: reused 3, alloc'd 1, free'd 1 items.
D: pool ts: reused 0, alloc'd 1, free'd 1 items.
D: pool lua: reused 0, alloc'd 1, free'd 1 items.
D: pool iob: reused 0, alloc'd 1, free'd 1 items.
D: pool dig: reused 0, alloc'd 1, free'd 1 items.
D: pool fd: reused 6, alloc'd 2, free'd 2 items.
D: exit code: 0
--> /X/src/wdj54/rpm --rpmpopt=/X/src/wdj54/rpmpopt
--macros=/X/src/wdj54/macros/macros:/X/src/wdj54/tests/macros -qvvp
FUZZRPMS/rpm-segfault-headerVerifyInfo.rpm
D: pool fd: created size 392 limit -1 flags 0
D: pool lua: created size 64 limit -1 flags 0
D: pool ts: created size 1200 limit -1 flags 0
D: pool gi: created size 176 limit -1 flags 0
D: pool dig: created size 424 limit -1 flags 0
error: FUZZRPMS/rpm-segfault-headerVerifyInfo.rpm: Signature: day[0]: BAD, tag
808464432 type 7 offset 48 count 16
D: pool iob: created size 48 limit -1 flags 0
D: === #2 rc(1) adding 0 args from manifest:
FUZZRPMS/rpm-segfault-headerVerifyInfo.rpm
D: pool tsi: created size 48 limit -1 flags 0
D: pool gi: reused 0, alloc'd 1, free'd 1 items.
D: pool tsi: reused 3, alloc'd 1, free'd 1 items.
D: pool ts: reused 0, alloc'd 1, free'd 1 items.
D: pool lua: reused 0, alloc'd 1, free'd 1 items.
D: pool iob: reused 0, alloc'd 1, free'd 1 items.
D: pool dig: reused 0, alloc'd 1, free'd 1 items.
D: pool fd: reused 6, alloc'd 2, free'd 2 items.
D: exit code: 0
--> /X/src/wdj54/rpm --rpmpopt=/X/src/wdj54/rpmpopt
--macros=/X/src/wdj54/macros/macros:/X/src/wdj54/tests/macros -qvvp
FUZZRPMS/rpm-stackoverflow-glob.rpm
D: pool fd: created size 392 limit -1 flags 0
D: pool lua: created size 64 limit -1 flags 0
D: pool ts: created size 1200 limit -1 flags 0
D: pool gi: created size 176 limit -1 flags 0
D: pool dig: created size 424 limit -1 flags 0
D: pool iob: created size 48 limit -1 flags 0
D: === #5 rc(1) adding 0 args from manifest: FUZZRPMS/rpm-stackoverflow-glob.rpm
D: pool tsi: created size 48 limit -1 flags 0
D: pool gi: reused 0, alloc'd 1, free'd 1 items.
D: pool tsi: reused 3, alloc'd 1, free'd 1 items.
D: pool ts: reused 0, alloc'd 1, free'd 1 items.
D: pool lua: reused 0, alloc'd 1, free'd 1 items.
D: pool iob: reused 0, alloc'd 1, free'd 1 items.
D: pool dig: reused 0, alloc'd 1, free'd 1 items.
D: pool fd: reused 6, alloc'd 2, free'd 2 items.
D: exit code: 0
