author | Panu Matilainen <pmatilai@redhat.com> | 2019-07-31 11:56:26 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2020-03-26 11:57:58 +0200 |
commit | 01d66841297958ab7b3407e2c5cacdfdc1e3874a (patch) | |
tree | 48212b39f99760c20e5c3f7d2b6a20759ecaf5c8 | |
parent | 3ff51fabb32a21d6b0815c6261704bc0d52cfb1e (diff) | |
download | rpm-01d66841297958ab7b3407e2c5cacdfdc1e3874a.tar.gz |

Fix off-by-one in hdrblobGet() making last entry unreachable (RhBug:1722921)

hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763
and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko
(perhaps the idea was to skip the first, region tag) which causes
the last entry to be unreachable. In typical packages, that is
RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't
matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower
tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last,
unreachable and thus unverifiable. Oops.

This fixes the regression introduced in rpm 4.14, affecting verification
of large packages (ie having RPMSIG_LONGARCHIVESIZE)

(cherry picked from commit e219c9548d16a3c18dd261f7043bb8d221b87c77)
(cherry picked from commit 0b0f4a1a3c3eca8801e624e68d025afbb6b6e86d)

-rw-r--r-- | lib/header.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/header.c b/lib/header.c index 5b09f8352..616c0620c 100644 --- a/lib/header.c +++ b/lib/header.c @@ -2016,7 +2016,7 @@ rpmRC hdrblobGet(hdrblob blob, uint32_t tag, rpmtd td) memset(&einfo, 0, sizeof(einfo)); rpmtdReset(td); - for (int i = 1; i < blob->il; i++, pe++) { + for (int i = 0; i < blob->il; i++, pe++) { if (pe->tag != ntag) continue; ei2h(pe, &einfo); |
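
Review bot: In the changed `for` line of hdrblobGet(), `i` and `pe` advance together but only `i` is initialized in the visible lines, so the fix depends on `pe` already pointing at the first entry before the loop; please confirm that initialization and add a short comment stating that the scan deliberately covers all `blob->il` entries, the first (region) entry included, since `if (pe->tag != ntag) continue;` will now match it too. No test accompanies the change: a regression case that looks up the last entry of a signature header, for example one carrying RPMSIG_LONGARCHIVESIZE so that RPMSIGTAG_MD5 or RPMSIGTAG_GPG ends up last, would keep a digest or signature tag from silently becoming unreachable again.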