pld rpm 5.4.17
Jeffrey Johnson
n3npq at me.com
Sat Mar 4 21:59:24 CET 2017
> On Mar 4, 2017, at 4:17 AM, Jakub Bogusz <qboosh at pld-linux.org> wrote:
>>
>>
>> The variable il is derived and may be tainted, while off and nb are de facto positioning
>> within the header memory blob. And yes, it may not matter.
>
> il is already used earlier to calculate dataStart, and the length of the
> whole data (pvlen).
>
Yes. Please note “And yes it may not matter.” I’m absolutely sure your analysis is
sound, just perhaps there is more to do.
>> Meanwhile the entire issue is rather obscure, and only testing will tell.
>> Is there any information about what headers are failing headerCopyLoad()?
>> If those headers are public keys, then the real flaw is elsewhere, wrapping
>> a public key within an immutable region, with an appended SHA1.
>
> No, these are two packages.
> I'm attaching whole db data of one of them (partially described by me
> during investigation).
>
Thank you.
Please be patient while I do forensics to understand where the regression/flaw
entered into 5.4.17.
For starters (after reading the dump, decoding the hex is next):
There is no appended signature tag in the dump you sent.
That basically means that those headers were not produced by any version of RPM5
in the last 5-6 years: all headers are signed, and some signature tag SHOULD have been appended.
I will know more from examining RPMTAG_RPMVERSION and other build tracking tags …
… it will take a bit of digging to find the root cause.
Meanwhile, by all means, apply your patch if it works for PLD. I’m just trying
not to flip-flop-flip-flop patches upstream until I understand fully what the problem
is and what needs to be done.
hth
73 de Jeff
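The bounds checks this exchange turns on (il, and each entry's off and nb, all taken from the header blob itself and therefore untrusted until compared against the blob's real size), as an added example that is not part of Jeff's message or of RPM5's code. The layout it parses (big-endian il and dl, il index entries of 16 bytes, then dl bytes of data) and the rpmTagType and tag numbers are the real RPM header format; the sanity caps, the function names and the sample blobs are this example's own assumptions.

```python
import struct

# RPM header blob layout: 4-byte big-endian index count `il`, 4-byte data
# length `dl`, `il` index entries of 16 bytes (tag, type, offset, count),
# then `dl` bytes of tag data.
PREAMBLE = 8
ENTRY_SIZE = 16

# rpmTagType values (real RPM constants)
RPM_NULL_TYPE, RPM_CHAR_TYPE, RPM_INT8_TYPE, RPM_INT16_TYPE = 0, 1, 2, 3
RPM_INT32_TYPE, RPM_INT64_TYPE, RPM_STRING_TYPE, RPM_BIN_TYPE = 4, 5, 6, 7
RPM_STRING_ARRAY_TYPE, RPM_I18NSTRING_TYPE = 8, 9
FIXED_SIZE = {RPM_NULL_TYPE: 0, RPM_CHAR_TYPE: 1, RPM_INT8_TYPE: 1,
              RPM_INT16_TYPE: 2, RPM_INT32_TYPE: 4, RPM_INT64_TYPE: 8,
              RPM_BIN_TYPE: 1}
STRING_TYPES = {RPM_STRING_TYPE, RPM_STRING_ARRAY_TYPE, RPM_I18NSTRING_TYPE}

# Sanity caps: assumed for this example, not RPM's own limits.
MAX_IL = 32768
MAX_DL = 64 * 1024 * 1024


class HeaderError(ValueError):
    """Raised when a blob-derived length or offset does not fit the blob."""


def entry_length(typ, count, data, offset):
    """Byte span `nb` of one entry, computed without reading past `data`."""
    if typ in FIXED_SIZE:
        return FIXED_SIZE[typ] * count
    if typ in STRING_TYPES:
        if typ == RPM_STRING_TYPE and count != 1:
            raise HeaderError("RPM_STRING_TYPE must have count 1")
        pos = offset
        for _ in range(count):
            nul = data.find(b"\0", pos)
            if nul < 0:
                raise HeaderError("string entry not NUL-terminated within dl")
            pos = nul + 1
        return pos - offset
    raise HeaderError(f"unknown tag type {typ}")


def parse_header_blob(blob, max_il=MAX_IL, max_dl=MAX_DL):
    """Parse a header blob, checking il, dl and every (offset, nb) before use.

    il, dl, offset and count all come from the untrusted blob; the derived
    data_start and pvlen are trusted only after comparison with len(blob),
    and each entry's span only after comparison with dl.
    """
    if len(blob) < PREAMBLE:
        raise HeaderError("blob shorter than the il/dl preamble")
    il, dl = struct.unpack(">II", blob[:PREAMBLE])
    if il == 0 or il > max_il:
        raise HeaderError(f"implausible index count il={il}")
    if dl > max_dl:
        raise HeaderError(f"implausible data length dl={dl}")
    data_start = PREAMBLE + il * ENTRY_SIZE
    pvlen = data_start + dl
    if pvlen > len(blob):
        raise HeaderError(f"header claims {pvlen} bytes, blob has {len(blob)}")
    data = blob[data_start:pvlen]
    entries = []
    for i in range(il):
        pos = PREAMBLE + i * ENTRY_SIZE
        tag, typ, offset, count = struct.unpack(">iIiI", blob[pos:pos + ENTRY_SIZE])
        if offset < 0 or offset > dl:
            raise HeaderError(f"tag {tag}: offset {offset} outside data (dl={dl})")
        nb = entry_length(typ, count, data, offset)
        if offset + nb > dl:
            raise HeaderError(f"tag {tag}: span {offset}+{nb} exceeds dl={dl}")
        entries.append((tag, typ, offset, count, data[offset:offset + nb]))
    return {"il": il, "dl": dl, "data_start": data_start, "pvlen": pvlen,
            "entries": entries}


def build_blob(index_entries, data):
    """Constructed test helper: assemble il, dl, the index and the data."""
    out = struct.pack(">II", len(index_entries), len(data))
    for tag, typ, offset, count in index_entries:
        out += struct.pack(">iIiI", tag, typ, offset, count)
    return out + data


def rejects(blob):
    """True when parse_header_blob refuses the blob."""
    try:
        parse_header_blob(blob)
    except HeaderError:
        return True
    return False


# Constructed sample blobs (not taken from the dump discussed in the thread).
DATA = b"foo\0" + struct.pack(">I", 4096)                # dl = 8
GOOD_BLOB = build_blob([(1000, RPM_STRING_TYPE, 0, 1),   # RPMTAG_NAME
                        (1009, RPM_INT32_TYPE, 4, 1)],   # RPMTAG_SIZE
                       DATA)
# Same bytes, but il claims 3 entries: data_start and pvlen run past the blob.
TAINTED_IL = struct.pack(">I", 3) + GOOD_BLOB[4:]
# Entry whose offset + nb lands past dl.
BAD_OFFSET = build_blob([(1009, RPM_INT32_TYPE, 8, 1)], DATA)

if __name__ == "__main__":
    print(parse_header_blob(GOOD_BLOB))
    for name, blob in (("tainted il", TAINTED_IL), ("bad offset", BAD_OFFSET)):
        print(name, "rejected" if rejects(blob) else "accepted")
```

The order of the checks is the point: il and dl are capped before any arithmetic is done with them, data_start and pvlen are compared against the bytes actually present before a single entry is read, and each entry's offset and nb are checked against dl before the data is sliced, so a crafted il or offset fails closed rather than positioning a read outside the blob.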