There's an assertion check that the offset field in the trailer region
that marks the end of the plaintext that is digitally signed had a
negative value stored originally.
The code is different in rpm-5.0, but a similar operation is performed in rpm4
as a sanity check on the "immutable header region" i.e the plaintext
that is digitally signed in a *.rpm package.
Here's the snippet of rpmdb/header.c code around the assertion failure:
...
{ rpmint32_t off = (rpmint32_t) ntohl(pe->offset);
BTW, here's the failure I was referring to:
[jbj@wellfleet tmp]$ rpm --addsign smbios- utils-2. 1.0-1.1. x86_64. rpm utils-2. 1.0-1.1. x86_64. rpm:
Enter pass phrase:
Pass phrase is good.
smbios-
rpm: header.c:1104: headerLoad: Assertion `(rpmint32_t)rdl >= 0' failed.
Aborted
[jbj@wellfleet tmp]$ rpm --version
rpm (RPM) 5.2.DEVEL
There's an assertion check that the offset field in the trailer region
that marks the end of the plaintext that is digitally signed had a
negative value stored originally.
The code is different in rpm-5.0, but a similar operation is performed in rpm4
as a sanity check on the "immutable header region" i.e the plaintext
that is digitally signed in a *.rpm package.
Here's the snippet of rpmdb/header.c code around the assertion failure:
...
{ rpmint32_t off = (rpmint32_t) ntohl(pe->offset);
if (hdrchkData(off))
goto errxit;
size_ t nb = REGION_TAG_COUNT;
rpmuint32_ t * stei = memcpy(alloca(nb), dataStart + off, nb); t)-ntohl( stei[2] ); /* negative offset */ (rpmint32_ t)rdl >= 0); /* XXX insurance */ t)(rdl/ sizeof( *pe));
goto errxit;
entry- >info.tag = (rpmuint32_t) htonl(pe->tag);
/*@-sizeoftyp e@*/
/*@=sizeoftyp e@*/
entry- >info.tag = HEADER_IMAGE;
entry- >info.offset = (rpmint32_t) -rdl; /* negative offset */
if (off) {
/*@-sizeoftype@*/
/*@=sizeoftype@*/
rdl = (rpmuint32_
assert(
ril = (rpmuint32_
if (hdrchkTags(ril) || hdrchkData(rdl))
} else {
ril = il;
rdl = (rpmuint32_t)(ril * sizeof(struct entryInfo_s));
}
}
...