From f078f852fa618f9f3a6553ff25eafd21cae0b3c1 Mon Sep 17 00:00:00 2001
From: shenxiangwei
Date: Tue, 2 Aug 2022 21:11:44 +0800
Subject: [PATCH 1/2] fix faulty code

Signed-off-by: shenxiangwei
---
 lib/crypto.c | 4 ++--
 lib/xattr.c | 3 +++
 parsers/rpm.c | 4 ++--
 src/rpm_parser.c | 4 ++--
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/crypto.c b/lib/crypto.c
index d81992e..5397feb 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -314,7 +314,7 @@ static int sign_file(int dirfd, char *filename, char *key_path, char *keypass,
 memcpy(buf + asn1->size, digest, digest_len);
 sig_len = RSA_private_encrypt(digest_len + asn1->size, buf, sig, k->key,
- RSA_PKCS1_PADDING);
+ RSA_PKCS1_OAEP_PADDING);
 if (sig_len < 0) {
 printf("RSA_private_encrypt() failed: %d\n", sig_len);
 goto out_buf;
@@ -403,7 +403,7 @@ static int verify_common(struct list_head *head, int dirfd, char *filename,
 goto out;
 }
- ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_PADDING);
+ ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_OAEP_PADDING);
 if (ret < 0) {
 printf("RSA_public_decrypt() failed: %d\n", ret);
 goto out;
diff --git a/lib/xattr.c b/lib/xattr.c
index 2aa9c96..3bfb35c 100644
--- a/lib/xattr.c
+++ b/lib/xattr.c
@@ -132,6 +132,9 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
 return -ENODATA;
 *buf_len = ret;
+ if (*buf_len > 65536)
+ return -ENOMEM;
+
 *buf = malloc(*buf_len);
 if (!*buf)
 return -ENOMEM;
diff --git a/parsers/rpm.c b/parsers/rpm.c
index e344e30..fc6122e 100644
--- a/parsers/rpm.c
+++ b/parsers/rpm.c
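Review bot: `RSA_PKCS1_OAEP_PADDING` is not a signature padding, so the `RSA_private_encrypt()` call in `sign_file()` and the `RSA_public_decrypt()` call in `verify_common()` (second lib/crypto.c hunk) are expected to fail with it; OpenSSL accepts OAEP only for public-key encryption and private-key decryption. The buffer being signed is an ASN.1 prefix followed by the digest, which is the PKCS#1 v1.5 signature encoding, so the padding argument has to stay `RSA_PKCS1_PADDING` for signing to work and for existing signatures to verify. If the aim is to move off v1.5, that is a signature-format change to PSS through the EVP signing API rather than a constant swap, and it needs a migration path for files that are already signed. Both function bodies extend outside the hunks.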
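Review bot: The size check added to `read_ima_xattr()` in lib/xattr.c returns `-ENOMEM` for an oversized attribute, which a caller cannot tell apart from the allocation failure a few lines below, and the limit is a bare `65536`. That value matches the kernel's `XATTR_SIZE_MAX`, so naming it and using a distinct error makes the rejection diagnosable: `if (*buf_len > XATTR_SIZE_MAX) return -E2BIG;`. `*buf_len` is also written before the check, so on this error path the caller's length is set while `*buf` is not; testing `ret` first and assigning afterwards avoids that. The start of the function and the code that fills the buffer are outside the hunk, so whether a zero length can reach `malloc()` cannot be confirmed from here.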
@@ -135,8 +135,8 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
 for (i = 0; i < digests_count && digests < bufendp; i++) {
 u16 modifiers = 0;
- int digest_str_len = strlen(digests);
- int basename_str_len = strlen(basenames);
+ size_t digest_str_len = strlen(digests);
+ size_t basename_str_len = strlen(basenames);
 int filecaps_str_len = filecaps ? strlen(filecaps) : 0;
 char *obj_label;
 u16 mode = 0;
diff --git a/src/rpm_parser.c b/src/rpm_parser.c
index 2cb4219..abb4754 100644
--- a/src/rpm_parser.c
+++ b/src/rpm_parser.c
@@ -164,8 +164,8 @@ static int parse_rpm(int fd_ima, int add, char *path, struct stat *st)
 algo = pgp_algo_mapping[be32_to_cpu(*(u32 *)algo_buf)];
 for (i = 0; i < digests_count && digests < bufendp; i++) {
- int digest_str_len = strlen(digests);
- int basename_str_len = strlen(basenames);
+ size_t digest_str_len = strlen(digests);
+ size_t basename_str_len = strlen(basenames);
 u32 dirindex = 0;
 if ((basenames &&
-- 2.27.0
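Review bot: Switching the length variables to `size_t` in `parser()` (parsers/rpm.c) does not bound the scan itself: `strlen(digests)` and `strlen(basenames)` read until a NUL, and the only visible guard is `digests < bufendp` at the top of the loop, so a header whose string data is not terminated inside the buffer would still be read past `bufendp`. A bounded form such as `size_t digest_str_len = strnlen(digests, (size_t)(bufendp - digests));`, followed by rejecting a result equal to the remaining length, would close that, assuming `bufendp` marks the end of the parsed buffer; the same applies to the identical lines in `parse_rpm()` in src/rpm_parser.c. `filecaps_str_len` on the next line is still `int`, so the three lengths now have mixed signedness. The loop body continues outside the hunk, so any comparison of these lengths against signed values there should be rechecked.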
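Review bot: In `parse_rpm()` (src/rpm_parser.c), `strlen(basenames)` runs at the top of the loop, before the `if ((basenames &&` test a few lines later, so if `basenames` can be NULL it is dereferenced ahead of the check meant to guard it. Computing the length conditionally, the way parsers/rpm.c already does for `filecaps`, keeps the two consistent: `size_t basename_str_len = basenames ? strlen(basenames) : 0;`. The condition is cut off at the end of the hunk, so what else it tests is not visible here.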