projects / platform / upstream / rpm.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c6e89ca) | patch
Verify the entire region trailer, not just its offset, is within data area
authorPanu Matilainen <pmatilai@redhat.com>
Thu, 20 Oct 2011 07:37:31 +0000 (10:37 +0300)
committerPanu Matilainen <pmatilai@redhat.com>
Thu, 20 Oct 2011 07:52:58 +0000 (10:52 +0300)
commitbfcc5bf3b9bfe77e7771eb947b17ffea87192ee7
treec4c43b1dba1433717056401ad1bad2600ddc2900tree | snapshot
parentc6e89ca9452e8c26b7a7374fe3388397871b81b4commit | diff
Verify the entire region trailer, not just its offset, is within data area

- Offset being within the data area doesn't help if the actual data doesn't
  fit. Since the trailer size is well known, we can just as easily
  make the check accurate to prevent reading beyond end of data in case
  the offset is subtly wrong.
- In headerLoad(), region offset of zero doesn't need sanity checking,
  only validate if its something else and do so accurately there too.
lib/header.c diff | blob | history
lib/package.c diff | blob | history
lib/signature.c diff | blob | history
Domain: SCM / Build;