Revert whack-a-mole attempts to fix IMA as broken

This reverts commits a79d7ae and 31e9daf which are still dangerously flawed.
pmatilai · Feb 7, 2022 · 53b7a0e · 53b7a0e
1 parent 91e1b2c
commit 53b7a0e
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 61 deletions.
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
@@ -116,8 +116,7 @@ struct rpmfiles_s {
     struct fingerPrint_s * fps;	/*!< File fingerprint(s). */
 
     int digestalgo;		/*!< File digest algorithm */
-    int *signaturelengths;	/*!< File signature lengths */
-    int signaturemaxlen;	/*!< Largest file signature length */
+    int signaturelength;	/*!< File signature length */
     int veritysiglength;	/*!< Verity signature length */
     uint16_t verityalgo;	/*!< Verity algorithm */
     unsigned char * digests;	/*!< File digests in binary. */
@@ -580,9 +579,9 @@ const unsigned char * rpmfilesFSignature(rpmfiles fi, int ix, size_t *len)
 
     if (fi != NULL && ix >= 0 && ix < rpmfilesFC(fi)) {
 	if (fi->signatures != NULL)
-	    signature = fi->signatures + (fi->signaturemaxlen * ix);
+	    signature = fi->signatures + (fi->signaturelength * ix);
 	if (len)
-	    *len = fi->signaturelengths ? fi->signaturelengths[ix] : 0;
+	    *len = fi->signaturelength;
     }
     return signature;
 }
@@ -1278,7 +1277,6 @@ rpmfiles rpmfilesFree(rpmfiles fi)
 	fi->flangs = _free(fi->flangs);
 	fi->digests = _free(fi->digests);
 	fi->signatures = _free(fi->signatures);
-	fi->signaturelengths = _free(fi->signaturelengths);
 	fi->veritysigs = _free(fi->veritysigs);
 	fi->fcaps = _free(fi->fcaps);
 
@@ -1509,52 +1507,23 @@ static void rpmfilesBuildNLink(rpmfiles fi, Header h)
 }
 
 /* Convert a tag of hex strings to binary presentation */
-/* If lengths is non-NULL, assume variable length strings */
-static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len,
-			int **lengths, int *maxlen)
+static uint8_t *hex2bin(Header h, rpmTagVal tag, rpm_count_t num, size_t len)
 {
     struct rpmtd_s td;
     uint8_t *bin = NULL;
 
     if (headerGet(h, tag, &td, HEADERGET_MINMEM) && rpmtdCount(&td) == num) {
+	uint8_t *t = bin = xmalloc(num * len);
 	const char *s;
-	int maxl = 0;
-	int *lens = NULL;
-
-	/* Figure string sizes + max length for allocation purposes */
-	if (lengths) {
-	    int i = 0;
-	    lens = xmalloc(num * sizeof(*lens));
-
-	    while ((s = rpmtdNextString(&td))) {
-		lens[i] = strlen(s) / 2;
-		if (lens[i] > maxl)
-		    maxl = lens[i];
-		i++;
-	    }
-
-	    *lengths = lens;
-	    *maxlen = maxl;
-
-	    /* Reinitialize iterator for next round */
-	    rpmtdInit(&td);
-	} else {
-	    maxl = len;
-	}
 
-	uint8_t *t = bin = xmalloc(num * maxl);
-	int i = 0;
 	while ((s = rpmtdNextString(&td))) {
 	    if (*s == '\0') {
-		memset(t, 0, maxl);
-	    } else {
-		if (lens)
-		    len = lens[i];
-		for (int j = 0; j < len; j++, s += 2)
-		    t[j] = (rnibble(s[0]) << 4) | rnibble(s[1]);
+		memset(t, 0, len);
+		t += len;
+		continue;
 	    }
-	    t += maxl;
-	    i++;
+	    for (int j = 0; j < len; j++, t++, s += 2)
+		*t = (rnibble(s[0]) << 4) | rnibble(s[1]);
 	}
     }
     rpmtdFreeData(&td);
@@ -1679,15 +1648,15 @@ static int rpmfilesPopulate(rpmfiles fi, Header h, rpmfiFlags flags)
     /* grab hex digests from header and store in binary format */
     if (!(flags & RPMFI_NOFILEDIGESTS)) {
 	size_t diglen = rpmDigestLength(fi->digestalgo);
-	fi->digests = hex2bin(h, RPMTAG_FILEDIGESTS, totalfc, diglen,
-				NULL, NULL);
+	fi->digests = hex2bin(h, RPMTAG_FILEDIGESTS, totalfc, diglen);
     }
 
     fi->signatures = NULL;
     /* grab hex signatures from header and store in binary format */
     if (!(flags & RPMFI_NOFILESIGNATURES)) {
-	fi->signatures = hex2bin(h, RPMTAG_FILESIGNATURES, totalfc, 0,
-				&fi->signaturelengths, &fi->signaturemaxlen);
+	fi->signaturelength = headerGetNumber(h, RPMTAG_FILESIGNATURELENGTH);
+	fi->signatures = hex2bin(h, RPMTAG_FILESIGNATURES,
+				 totalfc, fi->signaturelength);
     }
 
     fi->veritysigs = NULL;

diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c
@@ -98,9 +98,8 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
     td.count = 1;
 
     while (rpmfiNext(fi) >= 0) {
-	uint32_t slen;
 	digest = rpmfiFDigest(fi, NULL, NULL);
-	signature = signFile(algoname, digest, diglen, key, keypass, &slen);
+	signature = signFile(algoname, digest, diglen, key, keypass, &siglen);
 	if (!signature) {
 	    rpmlog(RPMLOG_ERR, _("signFile failed\n"));
 	    goto exit;
@@ -111,8 +110,6 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
 	    goto exit;
 	}
 	signature = _free(signature);
-	if (slen > siglen)
-	    siglen = slen;
     }
 
     if (siglen > 0) {

diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -102,7 +102,6 @@ EXTRA_DIST += data/RPMS/hello-2.0-1.i686.rpm
 EXTRA_DIST += data/RPMS/hello-2.0-1.x86_64.rpm
 EXTRA_DIST += data/RPMS/hello-2.0-1.x86_64-signed.rpm
 EXTRA_DIST += data/RPMS/hlinktest-1.0-1.noarch.rpm
-EXTRA_DIST += data/RPMS/imatest-1.0-1.fc34.noarch.rpm
 EXTRA_DIST += data/SRPMS/foo-1.0-1.src.rpm
 EXTRA_DIST += data/SRPMS/hello-1.0-1.src.rpm
 EXTRA_DIST += data/SOURCES/hello.c

diff --git a/tests/data/RPMS/imatest-1.0-1.fc34.noarch.rpm b/tests/data/RPMS/imatest-1.0-1.fc34.noarch.rpm
diff --git a/tests/rpmpython.at b/tests/rpmpython.at
@@ -624,17 +624,6 @@ for f in fi:
 ],
 [])
 
-RPMPY_TEST([file sets 1],[
-ts = rpm.ts()
-h = ts.hdrFromFdno('${RPMDATA}/RPMS/imatest-1.0-1.fc34.noarch.rpm')
-files = rpm.files(h)
-for f in files:
-   myprint('%s: %s' % (f.name, f.imasig.hex()))
-],
-[/usr/share/example1: 030204a598255400483046022100e5117bdafa73baaeb1f1dc46ecaa46981a62d417745a33532572b63dc6d95d16022100c789107ac5b91e2d915e1df3c7b78414f6b3f50899d44c1de381d0e938dfc82b
-/usr/share/example2: 030204a598255400473045022100c10943795bff5d9c0db53dd4f8e4b845615fd08a2be295c30a80f5bdb4e6a41302203038840cc6abaab92acb56cb3e3ce520b17f22ff7444a8d5d0f703a44d5307a3
-],
-[])
 RPMPY_TEST([string pool 1],[
 p = rpm.strpool()
 for s in ['foo', 'bar', 'foo', 'zoo']: