rpm-5.4.16 snapshot
Jeff Johnson
n3npq at mac.com
Sun Apr 24 19:14:07 CEST 2016
On Apr 24, 2016, at 12:49 PM, Jeff Johnson wrote:
>
> (aside)
> BTW, there is one other 1-line patch to rpmio/pkgio.c needed to plug a 16b memory leak
> in rdSignature(). The final code should look like
>
> ...
> /* All packages should have RPMSIGTAG_MD5. */
> he->tag = (rpmTag) RPMSIGTAG_MD5;
> xx = headerGet(sigh, he, HEADERGET_SIGHEADER);
> he->p.ptr = _free(he->p.ptr); /* <== THIS LINE */
> if (!xx) {
> ...
>
And there is another 1 liner found by fuzzing with american fuzzy-lop
after 1.1B execs that I just checked in:
Summary stats
=============
Fuzzers alive : 6
Total run time : 37 days, 14 hours
Total execs : 1135 million
Cumulative speed : 2097 execs/sec
Pending paths : 0 faves, 1 total
Pending per fuzzer : 0 faves, 0 total (on average)
Crashes found : 38 locally unique
FWIW, I don't consider either the 16b memory leak or the header read hardening
(that affects 3 unique "hangs" found in 1.1B execs) to be worth re-rolling
(and re-testing) rpm-5.4.16.
RPM is about installing *.rpm packages, not in reading randomized inputs.
hth
73 de Jeff
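The leak described in the quoted aside comes from an ownership rule: the header lookup hands the caller a freshly allocated copy of the tag's data, so a presence check that drops the pointer loses one MD5 digest (16 bytes) per read. The following is an added example, not rpm's code: the `sigh_t`, `he_t`, `TAG_MD5` and `headerGet()` stand-ins are hypothetical simplifications of the real rpm types, and an allocation counter makes the leak and the fix observable without a leak checker.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the rpm types involved; not rpm's real API. */
#define TAG_MD5         1004   /* constructed tag number standing in for RPMSIGTAG_MD5 */
#define MD5_DIGEST_LEN  16     /* an MD5 digest is 16 bytes: the size of the leak */

typedef struct {                 /* signature header stand-in */
    int     has_md5;
    uint8_t md5[MD5_DIGEST_LEN];
} sigh_t;

typedef struct {                 /* header entry stand-in (rpm's "he") */
    int    tag;
    void  *ptr;                  /* headerGet() allocates this; the caller owns it */
    size_t count;
} he_t;

/* Allocation counter so a leak is observable without valgrind. */
static long live_allocs = 0;
/* Return code of the last variant run through leaks_after(). */
static int last_rc = 0;

static void *counted_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        live_allocs++;
    return p;
}

/* rpm-style _free(): releases p and returns NULL so the caller can write
 * `p = _free(p)` and never keep a dangling pointer. */
static void *_free(void *p)
{
    if (p != NULL) {
        free(p);
        live_allocs--;
    }
    return NULL;
}

/* headerGet() stand-in: on success, hands back a freshly allocated copy of
 * the tag's data in he->ptr that the caller must free. Returns 1/0 like rpm. */
static int headerGet(const sigh_t *sigh, he_t *he)
{
    if (he->tag != TAG_MD5 || !sigh->has_md5)
        return 0;
    he->ptr = counted_malloc(MD5_DIGEST_LEN);
    if (he->ptr == NULL)
        return 0;
    memcpy(he->ptr, sigh->md5, MD5_DIGEST_LEN);
    he->count = MD5_DIGEST_LEN;
    return 1;
}

/* Pre-fix shape: only presence is checked, and the buffer is dropped. */
static int rdSignature_leaky(const sigh_t *sigh)
{
    he_t he = { 0 };
    he.tag = TAG_MD5;
    int xx = headerGet(sigh, &he);
    if (!xx)
        return -1;
    return 0;                      /* he.ptr (16 bytes) is never freed */
}

/* Post-fix shape: release the buffer right after the call, before the error
 * branch, so both paths leave nothing behind (freeing NULL is a no-op). */
static int rdSignature_fixed(const sigh_t *sigh)
{
    he_t he = { 0 };
    he.tag = TAG_MD5;
    int xx = headerGet(sigh, &he);
    he.ptr = _free(he.ptr);        /* <== the one-line fix */
    if (!xx)
        return -1;
    return 0;
}

/* Runs one variant against a constructed signature header and returns how
 * many allocations it left live; the variant's return code lands in last_rc. */
static long leaks_after(int (*variant)(const sigh_t *), int has_md5)
{
    sigh_t sigh;
    memset(&sigh, 0xAB, sizeof sigh);  /* constructed digest bytes */
    sigh.has_md5 = has_md5;
    live_allocs = 0;
    last_rc = variant(&sigh);
    return live_allocs;
}

int main(void)
{
    long leaky = leaks_after(rdSignature_leaky, 1);
    printf("leaky: %ld live allocation(s), rc=%d\n", leaky, last_rc);
    long fixed = leaks_after(rdSignature_fixed, 1);
    printf("fixed: %ld live allocation(s), rc=%d\n", fixed, last_rc);
    return 0;
}
```

The fix sits before the `if (!xx)` branch rather than after it for a reason the quoted snippet relies on: when the lookup fails, `he.ptr` is still NULL and `_free()` is a harmless no-op, and when it succeeds the digest is not needed past the presence check, so one line covers both paths. The `p = _free(p)` idiom also clears the pointer, which is what keeps a later accidental reuse from becoming a double free.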