diff options
| author | Allan McRae <allan@archlinux.org> | 2020-05-20 06:17:11 +0200 |
|---|---|---|
| committer | Andrew Gregory <andrew@archlinux.org> | 2020-06-18 11:03:51 +0200 |
| commit | 12503767c0be8f3eb28433fd58bcab0ec6f44a26 (patch) | |
| tree | 4c2f897c6041c42671106117fa117f1725d43ba0 | |
| parent | 03cfe9e21c6aaecaac21e932229a55f5f1041a3c (diff) | |
| download | pacman-12503767c0be8f3eb28433fd58bcab0ec6f44a26.tar.gz pacman-12503767c0be8f3eb28433fd58bcab0ec6f44a26.tar.xz | |
libalpm/signing.c: Fix calculation of packet size in parse_subpacket
Given RFC 4880 provides the code to do this calculation, I am not sure
how I managed to stuff that up! This bug was only exposed when a
signature made with "include-key-block" was added to the Arch repos,
which provided a subpacket with the required size to hit this issue.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 5f6ef895b1dac04c7fb1b63acab2d42c19f91922)
| -rw-r--r-- | lib/libalpm/signing.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 1703b4a5..0fe016ed 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -1098,7 +1098,7 @@ static int parse_subpacket(alpm_handle_t *handle, const char *identifier, if(length_check(len, spos, 2, handle, identifier) != 0){ return -1; } - slen = (sig[spos] << 8) | sig[spos + 1]; + slen = ((sig[spos] - 192) << 8) + sig[spos + 1] + 192; spos = spos + 2; } else { if(length_check(len, spos, 5, handle, identifier) != 0) { |