rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Merge remote-tracking branch 'upstream/master'
Shawn Webb committed 2 years ago
commit 5d69131e597b6d64387e27943cd1528b53ca9b05
parent 825ab9d
5 files changed +18 -12
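--- a/external/libder/libder/libder_private.h
+++ b/external/libder/libder/libder_private.h
@@ -12,11 +12,11 @@
 #include <signal.h>
 #include <stdbool.h>
 #ifdef __APPLE__
-#define	__STDC_WANT_LIB_EXT1__	1
-#include <string.h>	/* memset_s */
-#else
-#include <strings.h>	/* explicit_bzero */
+#define	__STDC_WANT_LIB_EXT1__	1	/* memset_s */
 #endif
+/* explicit_bzero is in one of these... */
+#include <string.h>
+#include <strings.h>
 #include "libder.h"
 
 /* FreeBSD's sys/cdefs.h */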
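--- a/external/libder/libder/libder_write.c
+++ b/external/libder/libder/libder_write.c
@@ -201,7 +201,7 @@ libder_write(struct libder_ctx *ctx, struct libder_object *root, uint8_t *buf,
 	/* Allocate if we weren't passed a buffer. */
 	if (*bufsz == 0) {
 		*bufsz = needed;
-		buf = malloc(needed + 1);
+		buf = malloc(needed);
 		if (buf == NULL)
 			return (NULL);
 	} else if (needed > *bufsz) {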
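--- a/libpkg/pkg_repo.c
+++ b/libpkg/pkg_repo.c
@@ -755,12 +755,8 @@ pkg_repo_archive_extract_check_archive(int fd, const char *file,
 		 * over the repo rather than raw.  This required some kludges
 		 * to work with, but future pkgsign_verify implementations
 		 * should not follow in its path.
-		 *
-		 * We reduce siglen by one to chop off the NULL terminator that
-		 * is packed in with it over in pkg_repo_finish().
 		 */
-		ret = pkgsign_verify(sctx, rkey, s->sig, s->siglen - 1,
-		    dest_fd);
+		ret = pkgsign_verify(sctx, rkey, s->sig, s->siglen, dest_fd);
 		if (ret != EPKG_OK) {
 			pkg_emit_error("Invalid signature, "
 					"removing repository.");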
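--- a/libpkg/pkg_repo_create.c
+++ b/libpkg/pkg_repo_create.c
@@ -1003,7 +1003,7 @@ pack_sign(struct packing *pack, struct pkgsign_ctx *sctx, const char *path,
 	}
 
 	iov[offset].iov_base = sigret;
-	iov[offset++].iov_len = siglen + 1;
+	iov[offset++].iov_len = siglen;
 
 	if (packing_append_iovec(pack, name, iov, offset) != EPKG_OK) {
 		free(sigret);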
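Review bot: Nothing at the `iov_len` assignment records that `siglen` is now written exactly as the signer returned it, so the legacy trailing NUL only reaches the archive because the ossl signer counts it itself (`*siglen += 1` in libpkg/pkgsign_ossl.c). A short comment above the assignment, for example `/* siglen is the signer's exact length; ossl includes its NUL terminator for compatibility */`, would keep that on-disk format contract visible to anyone adding another signer. pack_sign starts and ends outside the hunk, so how `sigret` is allocated cannot be checked from here.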
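--- a/libpkg/pkgsign_ossl.c
+++ b/libpkg/pkgsign_ossl.c
@@ -344,6 +344,15 @@ ossl_verify(const struct pkgsign_ctx *sctx __unused, const char *keypath,
 
 	(void)lseek(fd, 0, SEEK_SET);
 
+	/*
+	 * XXX Older versions of pkg write out the NUL terminator of the
+	 * signature, so we shim it out here to avoid breaking compatibility.
+	 * We can't do it at a lower level in the caller, because other signers
+	 * may use a binary format that could legitimately contain a nul byte.
+	 */
+	if (sig[sig_len - 1] == '\0')
+		sig_len--;
+
 	cbdata.key = key_buf;
 	cbdata.keylen = key_len;
 	cbdata.sig = sig;
@@ -444,11 +453,12 @@ ossl_sign_data(struct pkgsign_ctx *sctx, const unsigned char *msg, size_t msgsz,
 	}
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-	assert(*siglen <= INT_MAX);
+	assert(*siglen < INT_MAX);
 	EVP_PKEY_CTX_free(ctx);
 #else
 	RSA_free(rsa);
 #endif
+	*siglen += 1;
 	return (EPKG_OK);
 }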
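Review bot: The new shim in ossl_verify reads `sig[sig_len - 1]` without first checking that `sig_len` is non-zero, so an empty signature would index one byte before the buffer (or far outside it if `sig_len` is unsigned; its type is not visible in the hunk). The signature presumably comes from the repository archive being verified, so the length should be treated as untrusted and the guard written as `if (sig_len > 0 && sig[sig_len - 1] == '\0')`. The body of ossl_verify continues outside the hunk, so an earlier length check may exist, but none is visible here. In ossl_sign_data the added `*siglen += 1` likewise assumes the signature buffer has room for, and holds, a terminating NUL at that position; that allocation lies outside the hunk and is worth confirming.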