diff options
author | Panu Matilainen <pmatilai@redhat.com> | 2019-07-31 11:56:26 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2019-08-28 12:16:52 +0300 |
commit | 0b0f4a1a3c3eca8801e624e68d025afbb6b6e86d (patch) | |
tree | 570dd64133697f3d2bbcd6959529a5c1e97fbe0d | |
parent | 6577f5bfc538118dd0ea16852631f2c705182703 (diff) | |
download | rpm-0b0f4a1a3c3eca8801e624e68d025afbb6b6e86d.tar.gz |
Fix off-by-one in hdrblobGet() making last entry unreachable (RhBug:1722921)
hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763
and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko
(perhaps the idea was to skip the first, region tag) which causes
the last entry to be unreachable. In typical packages, that is
RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't
matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower
tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last,
unreachable and thus unverifiable. Oops.
This fixes the regression introduced in rpm 4.14, affecting verification
of large packages (ie having RPMSIG_LONGARCHIVESIZE)
(cherry picked from commit e219c9548d16a3c18dd261f7043bb8d221b87c77)
-rw-r--r-- | lib/header.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/header.c b/lib/header.c index 33623884a..9ec7ed0e4 100644 --- a/lib/header.c +++ b/lib/header.c @@ -2015,7 +2015,7 @@ rpmRC hdrblobGet(hdrblob blob, uint32_t tag, rpmtd td) memset(&einfo, 0, sizeof(einfo)); rpmtdReset(td); - for (int i = 1; i < blob->il; i++, pe++) { + for (int i = 0; i < blob->il; i++, pe++) { if (pe->tag != ntag) continue; ei2h(pe, &einfo); |