| Andrew Geissler | 4ed12e1 | 2020-06-05 18:00:41 -0500 | [diff] [blame] | 1 | From e8bf0eba7143abb6e69db82ee747a0c6790dd00a Mon Sep 17 00:00:00 2001 |
| 2 | From: Hongxu Jia <hongxu.jia@windriver.com> |
| 3 | Date: Wed, 3 Jun 2020 10:25:24 +0800 |
| 4 | Subject: [PATCH] Bump up the limit of signature header to 64MB |
| 5 | |
| 6 | Since commits [Place file signatures into the signature header where they |
| 7 | belong][1] applied, run `rpm -Kv **.rpm' failed if signature header |
| 8 | is larger than 64KB. Here are steps: |
| 9 | |
| 10 | 1) A unsigned rpm package, the size is 227560 bytes |
| 11 | $ ls -al xz-src-5.2.5-r0.corei7_64.rpm |
| 12 | -rw-------. 1 mockbuild 1000 227560 Jun 3 09:59 |
| 13 | |
| 14 | 2) Sign the rpm package |
| 15 | $ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm |
| 16 | |
| 17 | 3) The size of signed rpm is 312208 bytes |
| 18 | $ ls -al xz-src-5.2.5-r0.corei7_64.rpm |
| 19 | -rw-------. 1 mockbuild 1000 312208 Jun 3 09:48 |
| 20 | |
| 21 | 4) Run `rpm -Kv' failed with signature hdr data out of range |
| 22 | $ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm |
| 23 | xz-src-5.2.5-r0.corei7_64.rpm: |
| 24 | error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of |
| 25 | bytes(88864) out of range |
| 26 | |
| 27 | From 1) and 3), the size of signed rpm package increased |
| 28 | 312208 - 227560 = 84648, so the check of dl_max (64KB,65536) |
| 29 | is not enough. |
| 30 | |
| 31 | As [1] said: |
| 32 | |
| 33 | This also means the signature header can be MUCH bigger than ever |
| 34 | before,so bump up the limit (to 64MB, arbitrary something for now) |
| 35 | |
| 36 | So [1] missed to multiply by 1024. |
| 37 | |
| 38 | [1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c |
| 39 | |
| 40 | Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/486579912381ede82172dc6d0ff3941a6d0536b5] |
| 41 | |
| 42 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> |
| 43 | --- |
| 44 | lib/header.c | 2 +- |
| 45 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 46 | |
| 47 | diff --git a/lib/header.c b/lib/header.c |
| 48 | index 9ec7ed0..cbf6890 100644 |
| 49 | --- a/lib/header.c |
| 50 | +++ b/lib/header.c |
| 51 | @@ -1906,7 +1906,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl |
| 52 | |
| 53 | if (regionTag == RPMTAG_HEADERSIGNATURES) { |
| 54 | il_max = 32; |
| 55 | - dl_max = 64 * 1024; |
| 56 | + dl_max = 64 * 1024 * 1024; |
| 57 | } |
| 58 | |
| 59 | memset(block, 0, sizeof(block)); |
| 60 | -- |
| 61 | 2.25.4 |
| 62 | |