[pacman-dev] [PATCH] libalpm/signing.c: Fix calculation of packet size in parse_subpacket

Andrew Gregory andrew.gregory.8 at gmail.com
Sun May 31 19:51:54 UTC 2020


On 05/20/20 at 02:22pm, Allan McRae wrote:
> Given RFC 4880 provides the code to do this calculation, I am not sure
> how I managed to stuff that up!  This bug was only exposed when a
> signature made with "include-key-block" was added to the Arch repos,
> which provided a subpacket with the required size to hit this issue.

LGTM. Though, it might be worth it to use + instead of | just so we
match 4880 and extract_keyid exactly.

> Signed-off-by: Allan McRae <allan at archlinux.org>
> ---
> 
> Also appropriate for 5.2.2
> 
>  lib/libalpm/signing.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
> index c8eaaca2..422523b6 100644
> --- a/lib/libalpm/signing.c
> +++ b/lib/libalpm/signing.c
> @@ -1058,7 +1058,7 @@ static int parse_subpacket(alpm_handle_t *handle, const char *identifier,
>  				if(length_check(len, spos, 2, handle, identifier) != 0){
>  					return -1;
>  				}
> -				slen = (sig[spos] << 8) | sig[spos + 1];
> +				slen = (((sig[spos] - 192) << 8) | sig[spos + 1]) + 192;
>  				spos = spos + 2;
>  			} else {
>  				if(length_check(len, spos, 5, handle, identifier) != 0) {
> -- 
> 2.26.2


More information about the pacman-dev mailing list