From f6ffaacbbf7f5aca45139a612c5dd8db3f2094dc Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Mon, 5 Aug 2024 14:40:57 +0200
Subject: [PATCH] Skip to hashed subpacket data directly
Let OpenScanHub grok the bigger picture instead of producing a spurious
overrun warning for v->hashlen when we're dereferencing p later.
Casting the v pointer back to uint8_t is unnecessary when we could just
use h directly but it's done this way in the if branch for pgp version 3
in this function as well as in pgpPrtKey() so copy that, just for the
sake of consistency.
Along the same lines (consistency), change the p pointer to a const
pointer.
No functional change.
Resolves: RHEL-22607
---
 rpmio/rpmpgp.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index d0688ebe9..6f044eb1b 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -565,7 +565,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
 		     pgpDigParams _digp)
 {
     uint8_t version = 0;
-    uint8_t * p;
+    const uint8_t * p;
     unsigned int plen;
     int rc = 1;
 
@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
 	pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
 	pgpPrtNL();
 
-	p = &v->hashlen[0];
 	if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
 	    return 1;
-	p += sizeof(v->hashlen);
+	p = ((uint8_t *)v) + sizeof(*v);
 
 	if ((p + plen) > (h + hlen))
 	    return 1;
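Review bot: The new `p = ((uint8_t *)v) + sizeof(*v);` reaches the hashed subpacket data only if `hashlen` is the last member of the struct `v` points to and that struct has no trailing padding; the removed `&v->hashlen[0]` plus `sizeof(v->hashlen)` form did not depend on layout. The struct definition is outside this hunk, so the equivalence cannot be confirmed here, and since `p` feeds the `(p + plen) > (h + hlen)` bounds check on packet data, the assumption deserves a comment such as `/* hashed subpackets start right after the fixed-size signature header; hashlen must stay its last member */`. With `p` now declared `const uint8_t *`, the cast would also read more consistently as `p = ((const uint8_t *)v) + sizeof(*v);`. pgpPrtSig's body starts and ends outside the hunk.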
-- 
2.46.0