From 5f061ca214578f41dc93aa6c75a78cb4006f7e33 Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Fri, 23 May 2008 16:59:04 +0300
Subject: [PATCH] Unbreak DSA signature trailer handling - RFC 4880 states the following: V4 signatures also hash in a final trailer of six octets: the version of the Signature packet, i.e., 0x04; 0xFF; and a four-octet, big-endian number that is the length of the hashed data from the Signature packet (note that this number does not include these final six octets). ... but we were using size_t, whose size is platform dependent, oops :)
---
 lib/signature.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/signature.c b/lib/signature.c
index cc1d017..b3e7f42 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -1290,14 +1290,14 @@ verifyDSASignature(rpmts ts, char ** msg,
 xx = rpmDigestUpdate(ctx, sigp->hash, sigp->hashlen);
 if (sigp->version == 4) {
- size_t nb = sigp->hashlen;
- uint8_t *trailer = xmalloc(2+sizeof(nb));
+ /* V4 trailer is six octets long (rfc4880) */
+ uint8_t trailer[6];
+ uint32_t nb = sigp->hashlen;
 nb = htonl(nb);
 trailer[0] = sigp->version;
 trailer[1] = 0xff;
- memcpy(trailer+2, &nb, sizeof(nb));
+ memcpy(trailer+2, &nb, 4);
 xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
- free(trailer);
 }
 xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 0);
 (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), sigp->hashlen);
-- 
2.7.4
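Review bot: The digest calls visible in this hunk each assign their result to `xx`, and the two `rpmDigestUpdate()` results are overwritten by the next call without being read, so a failed update of the new six-octet trailer would still flow into `rpmDigestFinal()` and whatever comparison follows; in a signature-verification path that step should fail closed rather than continue on a digest that may be incomplete. verifyDSASignature starts and ends outside the hunk, so how the final `xx` is handled cannot be judged from here. Separately, `uint32_t nb = sigp->hashlen;` narrows silently if `hashlen` is declared with a wider type (its declaration is not shown), so a range check or a comment stating the bound would make the assumption explicit. Now that `nb` is fixed-width, `memcpy(trailer+2, &nb, sizeof(nb));` would also keep the copy size tied to the variable instead of the literal `4`.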