projects / platform / upstream / rpm.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f239982) | patch
Validate negated offsets too in headerVerifyInfo()
authorPanu Matilainen <pmatilai@redhat.com>
Tue, 14 Feb 2012 09:27:46 +0000 (11:27 +0200)
committerPanu Matilainen <pmatilai@redhat.com>
Tue, 3 Apr 2012 12:47:44 +0000 (15:47 +0300)
commit6fc6b45bf9fef0f17a2900c6c5198bda5e50d09e
tree915f10a6238f15907828fa0e5b5bcd3f89393e95tree | snapshot
parentf23998251992b8ae25faf5113c42fee2c49c7f29commit | diff
Validate negated offsets too in headerVerifyInfo()

- Undo the ancient broken fix for RhBug:71996 from commit
  9e06e3b8ca76ae55eaf2c4e37ba9cac729789014: instead of disabling
  the check, pass in the correct upper range which is entirely
  different from everything else for the region trailer tag.
- Fixes CVE-2012-0815
lib/header.c diff | blob | history
lib/package.c diff | blob | history
lib/signature.c diff | blob | history
Domain: SCM / Build;