pmatilai commented on this pull request.
> +EVP_PKEY_free(key->evp_pkey);
+key->evp_pkey = NULL;
+RSA_free(rsa);
+}
+
+return 1;
+}
+
+static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
+{
+size_t mlen = pgpMpiLen(p) - 2;
+struct pgpDi
t8m commented on this pull request.
> +EVP_PKEY_free(key->evp_pkey);
+key->evp_pkey = NULL;
+RSA_free(rsa);
+}
+
+return 1;
+}
+
+static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
+{
+size_t mlen = pgpMpiLen(p) - 2;
+struct pgpDigKeyR
t8m commented on this pull request.
> +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+if (!sig) return 0;
+
+if (r) {
+sig->r = r;
+}
+
+if (s) {
+sig->s = s;
+}
+
+return 1;
+}
+#endif /* HAVE_DSA_SIG_SET0 */
+
No, I mean when you assign the si
t8m commented on this pull request.
> +switch (num) {
+case 0:
+if (!bn) {
+bn = sig->bn = BN_new();
+}
+if (!bn) return 1;
+
+/* Create a BIGNUM from the signature pointer.
+ Note: this assumes big-endian data as required
+
Thanks for the report, fixed in commit
657553ffabd29f63d5c8b42a8284fa524d21be19.
This needs backporting to older versions too (so keeping open for now)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-
Fixed in commit 3a07ba3ba6f2c7d594730beefe8235b7eba4af52. This one needs
backporting to older versions so keeping open for now.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/i
The package is no longer readable after commit
3a07ba3ba6f2c7d594730beefe8235b7eba4af52 because there's a negative tag
involved. However the actual crash here is due to RPMTAG_PREFIXES type mismatch
(int32 in package, assumed string array) combined with lack of validation and
error checking - r
mlschroe commented on this pull request.
> +switch (num) {
+case 0:
+if (!bn) {
+bn = sig->bn = BN_new();
+}
+if (!bn) return 1;
+
+/* Create a BIGNUM from the signature pointer.
+ Note: this assumes big-endian data as required
+
pmatilai commented on this pull request.
> +switch (num) {
+case 0:
+if (!bn) {
+bn = sig->bn = BN_new();
+}
+if (!bn) return 1;
+
+/* Create a BIGNUM from the signature pointer.
+ Note: this assumes big-endian data as required
+
Just for completeness: Here's a different file triggering an out of bounds a
few lines earlier. It seems it is fixed by the same commit (sidenote: I think
it'd be a good idea to have regression tests with all the fuzzed files that
triggered bugs).
[rpmkeys-oob-heap-pgpPrtSubType-rpmpgp-427.zip]
The attached file triggers an out of bounds heap read in rmpkeys -K.
[rpmkeys-heap-oob-pgpPrtSig-rpmpgp-533.zip](https://github.com/rpm-software-management/rpm/files/757347/rpmkeys-heap-oob-pgpPrtSig-rpmpgp-533.zip)
asan error with current git (you get more meaningful ones with
ASAN_OPTIONS="fas
sgallagher commented on this pull request.
> +switch (num) {
+case 0:
+if (!bn) {
+bn = sig->bn = BN_new();
+}
+if (!bn) return 1;
+
+/* Create a BIGNUM from the signature pointer.
+ Note: this assumes big-endian data as required
+
sgallagher commented on this pull request.
> +EVP_PKEY_free(key->evp_pkey);
+key->evp_pkey = NULL;
+RSA_free(rsa);
+}
+
+return 1;
+}
+
+static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
+{
+size_t mlen = pgpMpiLen(p) - 2;
+struct pgp
sgallagher commented on this pull request.
> +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+if (!sig) return 0;
+
+if (r) {
+sig->r = r;
+}
+
+if (s) {
+sig->s = s;
+}
+
+return 1;
+}
+#endif /* HAVE_DSA_SIG_SET0 */
+
OK, I think I finally see
sgallagher commented on this pull request.
> +switch (num) {
+case 0:
+if (!bn) {
+bn = sig->bn = BN_new();
+}
+if (!bn) return 1;
+
+/* Create a BIGNUM from the signature pointer.
+ Note: this assumes big-endian data as required
+
I believe I have addressed all of the review comments thus far.
I also ran the code through a Coverity static analysis, which came up clean.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-man
Thanks for the report, fixed in commit 4ab3e0c5d1538cd35e106c4ecae3497048ad9763.
This too needs backporting...
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/149#issueco
17 matches
Mail list logo
