Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix input termination for pgpParsePkts #325

Merged
merged 1 commit into from
Oct 2, 2024
Merged

Fix input termination for pgpParsePkts #325

merged 1 commit into from
Oct 2, 2024

Conversation

jrohel
Copy link
Contributor

@jrohel jrohel commented Oct 2, 2024
edited
Loading

The pgpParsePkts function needs the OpenPGP ASCII armored input to be null terminated. The librepo contains code that checks if the input is null-terminated. If it is not, the code creates a local null-terminated copy of the input.

There was a bug in the code, so it may look for a terminating null several bytes behind the input buffer. And when a null was found behind the input buffer, the termination was not done. This caused the pgpParsePkts function to process several extra characters after the input buffer. These characters are generally random and sometimes cause the pgpParsePkts function to return an error.

I hope this fixes rpm-software-management/dnf#2107

@jrohel
Fix input termination for pgpParsePkts
06f979f 
The `pgpParsePkts` function needs the OpenPGP ASCII armored input to be
null terminated. The librepo contains code that checks if the input is
null-terminated. If it is not, the code creates a local null-terminated
copy of the input.

There was a bug in the code, so it may look for a terminating null
several bytes behind the input buffer. And when a null was found behind
the input buffer, the termination was not done. This caused
the `pgpParsePkts` function to process several extra characters after
the input buffer. These characters are generally random and sometimes
cause the `pgpParsePkts` function to return an error.
@m-blaha m-blaha self-assigned this Oct 2, 2024
m-blaha
m-blaha approved these changes Oct 2, 2024
View reviewed changes
Copy link
Member

@m-blaha m-blaha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great catch! This is one of those "easy to miss" errors.

@m-blaha m-blaha merged commit 1be8931 into rpm-software-management:master Oct 2, 2024
4 of 6 checks passed
@praiskup
Copy link
Member

Any plan to wrap a release?

@evan-goode
Copy link
Member

Updates are pending :)

https://bodhi.fedoraproject.org/updates/FEDORA-2024-5cce41cf3e
https://bodhi.fedoraproject.org/updates/FEDORA-2024-c912f70280
https://bodhi.fedoraproject.org/updates/FEDORA-2024-32c01ef78b
https://bodhi.fedoraproject.org/updates/FEDORA-2024-586ce2a0a9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m-blaha m-blaha m-blaha approved these changes

Assignees

@m-blaha m-blaha

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

F39 Copr builders fail Mock build with: Parsing armored OpenPGP packet(s) failed
4 participants
@jrohel @praiskup @evan-goode @m-blaha