From 5f6ef895b1dac04c7fb1b63acab2d42c19f91922 Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Wed, 20 May 2020 14:17:11 +1000 Subject: libalpm/signing.c: Fix calculation of packet size in parse_subpacket Given RFC 4880 provides the code to do this calculation, I am not sure how I managed to stuff that up! This bug was only exposed when a signature made with "include-key-block" was added to the Arch repos, which provided a subpacket with the required size to hit this issue. Signed-off-by: Allan McRae --- lib/libalpm/signing.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index c8eaaca2..2cbbd103 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -1058,7 +1058,7 @@ static int parse_subpacket(alpm_handle_t *handle, const char *identifier, if(length_check(len, spos, 2, handle, identifier) != 0){ return -1; } - slen = (sig[spos] << 8) | sig[spos + 1]; + slen = ((sig[spos] - 192) << 8) + sig[spos + 1] + 192; spos = spos + 2; } else { if(length_check(len, spos, 5, handle, identifier) != 0) { -- cgit v1.2.3-70-g09d2