From: Panu Matilainen <pmatilai@redhat.com>
Date: Fri, 23 May 2008 13:59:04 +0000 (+0300)
Subject: Unbreak DSA signature trailer handling
X-Git-Tag: rpm-4.6.0-rc1~485
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5f061ca214578f41dc93aa6c75a78cb4006f7e33;p=platform%2Fupstream%2Frpm.git

Unbreak DSA signature trailer handling
- RFC 4880 states the following:
	V4 signatures also hash in a final trailer of six octets: the
	version of the Signature packet, i.e., 0x04; 0xFF; and a four-octet,
	big-endian number that is the length of the hashed data from the
	Signature packet (note that this number does not include these final
	six octets).
  ... but we were using size_t, whose size is  platform dependent, oops :)
---

diff --git a/lib/signature.c b/lib/signature.c
index cc1d017..b3e7f42 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -1290,14 +1290,14 @@ verifyDSASignature(rpmts ts, char ** msg,
 	    xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
 
 	if (sigp->version == 4) {
-	    size_t nb = sigp->hashlen;
-	    uint8_t *trailer = xmalloc(2+sizeof(nb));
+	    /* V4 trailer is six octets long (rfc4880) */
+	    uint8_t trailer[6];
+	    uint32_t nb = sigp->hashlen;
 	    nb = htonl(nb);
 	    trailer[0] = sigp->version;
 	    trailer[1] = 0xff;
-	    memcpy(trailer+2, &nb, sizeof(nb));
+	    memcpy(trailer+2, &nb, 4);
 	    xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
-	    free(trailer);
 	}
 	xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0);
 	(void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);