RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 08-Nov-2007 20:40:41
Branch: HEAD Handle: 2007110819403803
Modified files:
rpm CHANGES
rpm/lib package.c rpmchecksig.c
rpm/rpmdb pkgio.c
rpm/rpmio rpmpgp.c
Log:
- fix: "trade a double free for a modest memory leak for the moment."
Summary:
Revision Changes Path
1.1777 +1 -0 rpm/CHANGES
2.178 +18 -26 rpm/lib/package.c
1.168 +1 -1 rpm/lib/rpmchecksig.c
1.22 +0 -3 rpm/rpmdb/pkgio.c
2.65 +5 -1 rpm/rpmio/rpmpgp.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.1776 -r1.1777 CHANGES
--- rpm/CHANGES 8 Nov 2007 18:08:26 -0000 1.1776
+++ rpm/CHANGES 8 Nov 2007 19:40:38 -0000 1.1777
@@ -1,4 +1,5 @@
4.5 -> 5.0:
+ - jbj: fix: "trade a double free for a modest memory leak for the moment."
- jbj: add headerModifyExtension everywhere.
- jbj: add header{Init,Next,Free}Extension almost everywhere.
- jbj: add headerRemoveExtension everywhere.
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/package.c
============================================================================
$ cvs diff -u -r2.177 -r2.178 package.c
--- rpm/lib/package.c 19 Oct 2007 00:36:44 -0000 2.177
+++ rpm/lib/package.c 8 Nov 2007 19:40:40 -0000 2.178
@@ -186,15 +186,12 @@
{
HGE_t hge = (HGE_t)headerGetExtension;
HE_t he = memset(alloca(sizeof(*he)), 0, sizeof(*he));
+ HE_t she = memset(alloca(sizeof(*she)), 0, sizeof(*she));
pgpDig dig = rpmtsDig(ts);
FD_t fd = _fd;
char buf[8*BUFSIZ];
ssize_t count;
Header sigh = NULL;
- int_32 sigtag;
- int_32 sigtype;
- const void * sig;
- int_32 siglen;
rpmtsOpX opx;
rpmop op = NULL;
size_t nb;
@@ -263,7 +260,7 @@
msg = _free(msg);
}
-#define _chk(_mask) (sigtag == 0 && !(vsflags & (_mask)))
+#define _chk(_mask) (she->tag == 0 && !(vsflags & (_mask)))
/*
* Figger the most effective available signature.
@@ -271,20 +268,20 @@
* DSA will be preferred over RSA if both exist because tested first.
* Note that NEEDPAYLOAD prevents header+payload signatures and digests.
*/
- sigtag = 0;
+ she->tag = 0;
opx = 0;
vsflags = pgpGetVSFlags(dig);
if (_chk(RPMVSF_NODSAHEADER) && headerIsEntry(sigh, RPMSIGTAG_DSA)) {
- sigtag = RPMSIGTAG_DSA;
+ she->tag = RPMSIGTAG_DSA;
} else
if (_chk(RPMVSF_NORSAHEADER) && headerIsEntry(sigh, RPMSIGTAG_RSA)) {
- sigtag = RPMSIGTAG_RSA;
+ she->tag = RPMSIGTAG_RSA;
} else
#if defined(SUPPORT_RPMV3_VERIFY_DSA)
if (_chk(RPMVSF_NODSA|RPMVSF_NEEDPAYLOAD) &&
headerIsEntry(sigh, RPMSIGTAG_GPG))
{
- sigtag = RPMSIGTAG_GPG;
+ she->tag = RPMSIGTAG_GPG;
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
opx = RPMTS_OP_SIGNATURE;
} else
@@ -293,18 +290,18 @@
if (_chk(RPMVSF_NORSA|RPMVSF_NEEDPAYLOAD) &&
headerIsEntry(sigh, RPMSIGTAG_PGP))
{
- sigtag = RPMSIGTAG_PGP;
+ she->tag = RPMSIGTAG_PGP;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
opx = RPMTS_OP_SIGNATURE;
} else
#endif
if (_chk(RPMVSF_NOSHA1HEADER) && headerIsEntry(sigh, RPMSIGTAG_SHA1)) {
- sigtag = RPMSIGTAG_SHA1;
+ she->tag = RPMSIGTAG_SHA1;
} else
if (_chk(RPMVSF_NOMD5|RPMVSF_NEEDPAYLOAD) &&
headerIsEntry(sigh, RPMSIGTAG_MD5))
{
- sigtag = RPMSIGTAG_MD5;
+ she->tag = RPMSIGTAG_MD5;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
opx = RPMTS_OP_DIGEST;
}
@@ -338,7 +335,7 @@
msg = _free(msg);
/* Any digests or signatures to check? */
- if (sigtag == 0) {
+ if (she->tag == 0) {
rc = RPMRC_OK;
goto exit;
}
@@ -347,24 +344,19 @@
dig->nbytes = 0;
/* Retrieve the tag parameters from the signature header. */
- sig = NULL;
- he->tag = sigtag;
- xx = hge(sigh, he, 0);
- sigtype = he->t;
- sig = he->p.ptr;
- siglen = he->c;
- if (sig == NULL) {
+ xx = hge(sigh, she, 0);
+ if (she->p.ptr == NULL) {
rc = RPMRC_FAIL;
goto exit;
}
/*@-noeffect@*/
- xx = pgpSetSig(rpmtsDig(ts), sigtag, sigtype, sig, siglen);
+ xx = pgpSetSig(rpmtsDig(ts), she->tag, she->t, she->p.ptr, she->c);
/*@=noeffect@*/
- switch (sigtag) {
+ switch (she->tag) {
case RPMSIGTAG_RSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
- xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug()));
+ xx = pgpPrtPkts(she->p.ptr, she->c, dig, (_print_pkts & rpmIsDebug()));
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
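Review bot: The results of `hge(sigh, she, 0)` and of `pgpPrtPkts(she->p.ptr, she->c, dig, ...)` are both assigned to `xx` and never examined, so a signature blob that fails to parse is caught only indirectly by the `dig->signature.version` test that follows. A failed retrieval is detected through `she->p.ptr == NULL`, which holds only because `she` was zeroed beforehand and assuming `hge` leaves it untouched on failure; `she->c` is then passed on as the length without any check. I would test the parser result directly after the call, e.g. `if (xx) { rc = RPMRC_FAIL; goto exit; }`, assuming pgpPrtPkts reports failure with a non-zero value. The same call pattern recurs in the RPMSIGTAG_DSA hunk and the RPMSIGTAG_GPG/PGP hunk below. The enclosing function starts and ends outside this hunk, so whether `exit:` is the right cleanup path from inside the switch cases should be confirmed.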
@@ -401,7 +393,7 @@
} break;
case RPMSIGTAG_DSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
- xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug()));
+ xx = pgpPrtPkts(she->p.ptr, she->c, dig, (_print_pkts & rpmIsDebug()));
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
@@ -435,7 +427,7 @@
(void) rpmDigestUpdate(dig->hdrsha1ctx, uh, uhc);
dig->nbytes += uhc;
(void) rpmswExit(op, dig->nbytes);
- if (sigtag == RPMSIGTAG_SHA1)
+ if (she->tag == RPMSIGTAG_SHA1)
op->count--; /* XXX one too many */
uh = _free(uh);
} break;
@@ -448,7 +440,7 @@
case RPMSIGTAG_PGP:
#endif
/* Parse the parameters from the OpenPGP packets that will be needed. */
- xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug()));
+ xx = pgpPrtPkts(she->p.ptr, she->c, dig, (_print_pkts & rpmIsDebug()));
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/rpmchecksig.c
============================================================================
$ cvs diff -u -r1.167 -r1.168 rpmchecksig.c
--- rpm/lib/rpmchecksig.c 8 Nov 2007 17:14:56 -0000 1.167
+++ rpm/lib/rpmchecksig.c 8 Nov 2007 19:40:40 -0000 1.168
@@ -845,7 +845,7 @@
{
HGE_t hge = (HGE_t)headerGetExtension;
HE_t he = memset(alloca(sizeof(*he)), 0, sizeof(*he));
- HE_t she = memset(alloca(sizeof(*he)), 0, sizeof(*he));
+ HE_t she = memset(alloca(sizeof(*she)), 0, sizeof(*she));
int res2, res3;
char result[1024];
char buf[8192], * b;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmdb/pkgio.c
============================================================================
$ cvs diff -u -r1.21 -r1.22 pkgio.c
--- rpm/rpmdb/pkgio.c 19 Oct 2007 00:36:47 -0000 1.21
+++ rpm/rpmdb/pkgio.c 8 Nov 2007 19:40:40 -0000 1.22
@@ -291,9 +291,6 @@
(void) rpmswAdd(rpmtsOp(ts, opx), pgpStatsAccumulator(ts->dig, opx));
opx = RPMTS_OP_SIGNATURE;
(void) rpmswAdd(rpmtsOp(ts, opx), pgpStatsAccumulator(ts->dig, opx));
-/*@-noeffect@*/
- (void) pgpSetSig(ts->dig, 0, 0, NULL, 0); /* move to pgpFreeDig? */
-/*@=noeffect@*/
ts->dig = pgpFreeDig(ts->dig);
}
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmpgp.c
============================================================================
$ cvs diff -u -r2.64 -r2.65 rpmpgp.c
--- rpm/rpmio/rpmpgp.c 4 Nov 2007 17:59:56 -0000 2.64
+++ rpm/rpmio/rpmpgp.c 8 Nov 2007 19:40:41 -0000 2.65
@@ -1077,7 +1077,11 @@
{
if (dig != NULL) {
- /* DUmp the signature/pubkey data. */
+ /* Lose the header tag data. */
+ if (dig->sig)
+ dig->sig = _free(dig->sig);
+
+ /* Dump the signature/pubkey data. */
pgpCleanDig(dig);
if (dig->hdrsha1ctx != NULL)
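Review bot: Freeing `dig->sig` here makes the digest container the owner of whatever buffer was last handed to `pgpSetSig()`, but nothing in the new lines says so. The caller in rpm/lib/package.c now passes `she->p.ptr` straight from `hge()`, and any caller that still frees that buffer itself, or passes memory that did not come from the heap, would turn this into a double free or an invalid free; not all of those callers are visible in this commit. A comment above the new lines such as `/* dig->sig is owned by dig once set with pgpSetSig(); callers must not free it. */` would record the contract. It would also help to state whether `pgpSetSig()` releases a previous `dig->sig` when called again on the same dig, since that is presumably where the leak mentioned in the log comes from. The function's signature and tail lie outside the hunk.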
@@ .
Received on Thu Nov 8 20:40:41 2007