https://bugzilla.novell.com/show_bug.cgi?id=434890
User n3npq@mac.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=434890#c3
Jeff Johnson changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |n3npq@mac.com
--- Comment #3 from Jeff Johnson 2008-10-13 13:13:44 MDT ---
BTW, here's the failure I was referring to:
[jbj@wellfleet tmp]$ rpm --addsign smbios-utils-2.1.0-1.1.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
smbios-utils-2.1.0-1.1.x86_64.rpm:
rpm: header.c:1104: headerLoad: Assertion `(rpmint32_t)rdl >= 0' failed.
Aborted
[jbj@wellfleet tmp]$ rpm --version
rpm (RPM) 5.2.DEVEL
There's an assertion check that the offset field in the trailer region
that marks the end of the plaintext that is digitally signed had a
negative value stored originally.
The code is different in rpm-5.0, but a similar operation is performed in rpm4
as a sanity check on the "immutable header region" i.e the plaintext
that is digitally signed in a *.rpm package.
Here's the snippet of rpmdb/header.c code around the assertion failure:
..
{ rpmint32_t off = (rpmint32_t) ntohl(pe->offset);
if (hdrchkData(off))
goto errxit;
if (off) {
/*@-sizeoftype@*/
size_t nb = REGION_TAG_COUNT;
/*@=sizeoftype@*/
rpmuint32_t * stei = memcpy(alloca(nb), dataStart + off, nb);
rdl = (rpmuint32_t)-ntohl(stei[2]); /* negative offset */
assert((rpmint32_t)rdl >= 0); /* XXX insurance */
ril = (rpmuint32_t)(rdl/sizeof(*pe));
if (hdrchkTags(ril) || hdrchkData(rdl))
goto errxit;
entry->info.tag = (rpmuint32_t) htonl(pe->tag);
} else {
ril = il;
/*@-sizeoftype@*/
rdl = (rpmuint32_t)(ril * sizeof(struct entryInfo_s));
/*@=sizeoftype@*/
entry->info.tag = HEADER_IMAGE;
}
}
entry->info.offset = (rpmint32_t) -rdl; /* negative offset */
..
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.