backport-Check-that-the-CRC-length-is-correct.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

From 1f03aba8b2881a5717af97065038fb056e02a2b3 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Thu, 3 Feb 2022 20:42:02 -0500
Subject: [PATCH] Check that the CRC length is correct

Also fix a memory leak in an error path.
---
 rpmio/rpmpgp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index 015c15a..d1966d3 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -1444,7 +1444,8 @@ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
 
 	    crcdec = NULL;
 	    crclen = 0;
-	    if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0) {
+	    if (rpmBase64Decode(crcenc, (void **)&crcdec, &crclen) != 0 || crclen != 3) {
+		crcdec = _free(crcdec);
 		ec = PGPARMOR_ERR_CRC_DECODE;
 		goto exit;
 	    }
-- 
1.8.3.1