projects / platform / upstream / rpm.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0c7638e) | patch
Validate negated offsets too in headerVerifyInfo()
authorPanu Matilainen <pmatilai@redhat.com>
Tue, 14 Feb 2012 09:27:46 +0000 (11:27 +0200)
committerPanu Matilainen <pmatilai@redhat.com>
Tue, 3 Apr 2012 13:29:24 +0000 (16:29 +0300)
commit43d07a9ece2a0ec9222742ccdcb3d6815aa924af
treee48d1fd3b8169ab57d6e96f1837b04c15e7c2386tree | snapshot
parent0c7638e2b530b886485a06ad7693e59b3c6cabf5commit | diff
Validate negated offsets too in headerVerifyInfo()

- Undo the ancient broken fix for RhBug:71996 from commit
  9e06e3b8ca76ae55eaf2c4e37ba9cac729789014: instead of disabling
  the check, pass in the correct upper range which is entirely
  different from everything else for the region trailer tag.
- Fixes CVE-2012-0815
(cherry picked from commit 6fc6b45bf9fef0f17a2900c6c5198bda5e50d09e)
lib/header.c diff | blob | history
lib/package.c diff | blob | history
lib/signature.c diff | blob | history
Domain: SCM / Build;