Check rpmAddSignature() return codes (rhbz#442761)

- headerGetEntry() on RPMTAG_HEADERIMMUTABLE already caught the corrupted package, we just didn't paying attention - make the hge failed error message a bit more meaningful Backported from HEAD cb36d48351ea944d445db29635750042f445ec3d
author: Panu Matilainen <pmatilai@redhat.com> 2008-05-08 09:07:06 +0300
committer: Panu Matilainen <pmatilai@redhat.com> 2008-05-08 09:07:06 +0300
commit: 4a72b894a369a75f10706683b7fddfba07749d36 (patch)
tree: 0d62b277860fb0f1515678ae55ee92dd260f91b5
parent: 347c87cb3799c8c319bc3219490dc65d24142bbc (diff)
download: rpm-4a72b894a369a75f10706683b7fddfba07749d36.tar.gz
2 files changed, 21 insertions, 8 deletions
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index b4d377e71..d145d3a4c 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -288,12 +288,18 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
 	xx = headerRemoveEntry(sigh, RPMSIGTAG_BADSHA1_2);
 
 	/* Toss and recalculate header+payload size and digests. */
-	xx = headerRemoveEntry(sigh, RPMSIGTAG_SIZE);
-	xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_SIZE, qva->passPhrase);
-	xx = headerRemoveEntry(sigh, RPMSIGTAG_MD5);
-	xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_MD5, qva->passPhrase);
-	xx = headerRemoveEntry(sigh, RPMSIGTAG_SHA1);
-	xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_SHA1, qva->passPhrase);
+	{
+	    enum rpmtagSignature const sigs[] = { RPMSIGTAG_SIZE, 
+						  RPMSIGTAG_MD5,
+						  RPMSIGTAG_SHA1,
+						};
+	    int i, nsigs = sizeof(sigs) / sizeof(enum rpmtagSignature);
+	    for (i = 0; i < nsigs; i++) {
+		(void) headerRemoveEntry(sigh, sigs[i]);
+		if (rpmAddSignature(sigh, sigtarget, sigs[i], qva->passPhrase))
+		    goto exit;
+	    }
+	}
 
 	if (deleting) {	/* Nuke all the signature tags. */
 	    xx = headerRemoveEntry(sigh, RPMSIGTAG_GPG);
@@ -326,7 +332,9 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
 	    }
 
 	    xx = headerRemoveEntry(sigh, sigtag);
-	    xx = rpmAddSignature(sigh, sigtarget, sigtag, qva->passPhrase);
+	    if (rpmAddSignature(sigh, sigtarget, sigtag, qva->passPhrase)) {
+		goto exit;
+	    }
 
 	    /* If package was previously signed, check for same signer. */
 	    memset(newsignid, 0, sizeof(newsignid));
@@ -665,7 +673,9 @@ static int readFile(FD_t fd, const char * fn, pgpDig dig)
 	    ||   uh == NULL)
 	    {
 		h = headerFree(h);
-		rpmError(RPMERR_FREAD, _("%s: headerGetEntry failed\n"), fn);
+		rpmlog(RPMERR_FREAD, 
+			_("%s: Immutable header region could not be read. "
+			"Corrupted package?\n"), fn);
 		goto exit;
 	    }
 	    dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
diff --git a/lib/signature.c b/lib/signature.c
index 5617e3240..684846f47 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -732,6 +732,9 @@ static int makeHDRSignature(Header sigh, const char * file, int_32 sigTag,
 	    if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc)
 	     ||  uh == NULL)
 	    {
+		rpmlog(RPMERR_FREAD, 
+				_("Immutable header region could not be read. "
+				"Corrupted package?\n"));
 		h = headerFree(h);
 		goto exit;
 	    }
author	Panu Matilainen <pmatilai@redhat.com>	2008-05-08 09:07:06 +0300
committer	Panu Matilainen <pmatilai@redhat.com>	2008-05-08 09:07:06 +0300
commit	4a72b894a369a75f10706683b7fddfba07749d36 (patch)
tree	0d62b277860fb0f1515678ae55ee92dd260f91b5
parent	347c87cb3799c8c319bc3219490dc65d24142bbc (diff)
download	rpm-4a72b894a369a75f10706683b7fddfba07749d36.tar.gz