83 lines
2.7 KiB
Diff
83 lines
2.7 KiB
Diff
From f078f852fa618f9f3a6553ff25eafd21cae0b3c1 Mon Sep 17 00:00:00 2001
|
|
From: shenxiangwei <shenxiangwei1@huawei.com>
|
|
Date: Tue, 2 Aug 2022 21:11:44 +0800
|
|
Subject: [PATCH 1/2] fix faulty code
|
|
|
|
Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com>
|
|
---
|
|
lib/crypto.c | 4 ++--
|
|
lib/xattr.c | 3 +++
|
|
parsers/rpm.c | 4 ++--
|
|
src/rpm_parser.c | 4 ++--
|
|
4 files changed, 9 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/lib/crypto.c b/lib/crypto.c
|
|
index d81992e..5397feb 100644
|
|
--- a/lib/crypto.c
|
|
+++ b/lib/crypto.c
|
|
@@ -314,7 +314,7 @@ static int sign_file(int dirfd, char *filename, char *key_path, char *keypass,
|
|
memcpy(buf + asn1->size, digest, digest_len);
|
|
|
|
sig_len = RSA_private_encrypt(digest_len + asn1->size, buf, sig, k->key,
|
|
- RSA_PKCS1_PADDING);
|
|
+ RSA_PKCS1_OAEP_PADDING);
|
|
if (sig_len < 0) {
|
|
printf("RSA_private_encrypt() failed: %d\n", sig_len);
|
|
goto out_buf;
|
|
@@ -403,7 +403,7 @@ static int verify_common(struct list_head *head, int dirfd, char *filename,
|
|
goto out;
|
|
}
|
|
|
|
- ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_PADDING);
|
|
+ ret = RSA_public_decrypt(sig_len, sig, out, k->key, RSA_PKCS1_OAEP_PADDING);
|
|
if (ret < 0) {
|
|
printf("RSA_public_decrypt() failed: %d\n", ret);
|
|
goto out;
|
|
diff --git a/lib/xattr.c b/lib/xattr.c
|
|
index 2aa9c96..3bfb35c 100644
|
|
--- a/lib/xattr.c
|
|
+++ b/lib/xattr.c
|
|
@@ -132,6 +132,9 @@ int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,
|
|
return -ENODATA;
|
|
|
|
*buf_len = ret;
|
|
+ if (*buf_len > 65536)
|
|
+ return -ENOMEM;
|
|
+
|
|
*buf = malloc(*buf_len);
|
|
if (!*buf)
|
|
return -ENOMEM;
|
|
diff --git a/parsers/rpm.c b/parsers/rpm.c
|
|
index e344e30..fc6122e 100644
|
|
--- a/parsers/rpm.c
|
|
+++ b/parsers/rpm.c
|
|
@@ -135,8 +135,8 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
|
|
|
|
for (i = 0; i < digests_count && digests < bufendp; i++) {
|
|
u16 modifiers = 0;
|
|
- int digest_str_len = strlen(digests);
|
|
- int basename_str_len = strlen(basenames);
|
|
+ size_t digest_str_len = strlen(digests);
|
|
+ size_t basename_str_len = strlen(basenames);
|
|
int filecaps_str_len = filecaps ? strlen(filecaps) : 0;
|
|
char *obj_label;
|
|
u16 mode = 0;
|
|
diff --git a/src/rpm_parser.c b/src/rpm_parser.c
|
|
index 2cb4219..abb4754 100644
|
|
--- a/src/rpm_parser.c
|
|
+++ b/src/rpm_parser.c
|
|
@@ -164,8 +164,8 @@ static int parse_rpm(int fd_ima, int add, char *path, struct stat *st)
|
|
algo = pgp_algo_mapping[be32_to_cpu(*(u32 *)algo_buf)];
|
|
|
|
for (i = 0; i < digests_count && digests < bufendp; i++) {
|
|
- int digest_str_len = strlen(digests);
|
|
- int basename_str_len = strlen(basenames);
|
|
+ size_t digest_str_len = strlen(digests);
|
|
+ size_t basename_str_len = strlen(basenames);
|
|
u32 dirindex = 0;
|
|
|
|
if ((basenames &&
|
|
--
|
|
2.27.0
|
|
|