Enable data overlap checks for signature header too

For whatever historical reason rpmReadSignature() had its own loop for calling headerVerifyInfo() on each tag one by one. Not only is this redundant since headerVerifyInfo() can loop on its own and a wholly unnecessary difference between the signature and regular header, it also misses the opportunity to perform data overlap checks on the signature data.
author: Panu Matilainen <pmatilai@redhat.com> 2016-11-16 13:20:46 +0200
committer: Panu Matilainen <pmatilai@redhat.com> 2016-11-16 13:26:41 +0200
commit: 7010c677b0d2b0b7b4714e675d4296d3499439fc (patch)
tree: c6089a1aa4aacbc2e445c72f3cd76b8791041023
parent: e4705b4181922d99f6e012a8ae98edac553ee102 (diff)
download: rpm-7010c677b0d2b0b7b4714e675d4296d3499439fc.tar.gz
1 files changed, 2 insertions, 5 deletions
diff --git a/lib/signature.c b/lib/signature.c
index 5da5b88b4..e9b0fa45a 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -146,7 +146,6 @@ rpmRC rpmReadSignature(FD_t fd, Header * sighp, char ** msg)
     Header sigh = NULL;
     rpmRC rc = RPMRC_FAIL;		/* assume failure */
     int xx;
-    int i;
 
     if (sighp)
 	*sighp = NULL;
@@ -195,10 +194,8 @@ rpmRC rpmReadSignature(FD_t fd, Header * sighp, char ** msg)
 	goto exit;
 
     /* Sanity check signature tags */
-    for (i = 1; i < il; i++) {
-	if (headerVerifyInfo(1, dl, pe+i, dataStart, NULL, &buf) != -1)
-	    goto exit;
-    }
+    if (headerVerifyInfo(il-1, dl, pe+1, dataStart, NULL, &buf) != -1)
+	goto exit;
 
     /* OK, blob looks sane, load the header. */
     sigh = headerImport(ei, uc, 0);
author	Panu Matilainen <pmatilai@redhat.com>	2016-11-16 13:20:46 +0200
committer	Panu Matilainen <pmatilai@redhat.com>	2016-11-16 13:26:41 +0200
commit	7010c677b0d2b0b7b4714e675d4296d3499439fc (patch)
tree	c6089a1aa4aacbc2e445c72f3cd76b8791041023
parent	e4705b4181922d99f6e012a8ae98edac553ee102 (diff)
download	rpm-7010c677b0d2b0b7b4714e675d4296d3499439fc.tar.gz