mirror of
https://github.com/go-gitea/gitea
synced 2024-12-22 12:47:53 +01:00
Fix RPM resource leak (#31794)
Fixes a resource leak introduced by #27069. - add defer - move sign code out of `repository.go`
This commit is contained in:
parent
de2787a493
commit
3862b31abb
@ -133,19 +133,20 @@ func UploadPackageFile(ctx *context.Context) {
|
||||
}
|
||||
defer buf.Close()
|
||||
|
||||
// if rpm sign enabled
|
||||
if setting.Packages.DefaultRPMSignEnabled || ctx.FormBool("sign") {
|
||||
pri, _, err := rpm_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID)
|
||||
priv, _, err := rpm_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID)
|
||||
if err != nil {
|
||||
apiError(ctx, http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
buf, err = rpm_service.SignPackage(buf, pri)
|
||||
signedBuf, err := rpm_service.SignPackage(buf, priv)
|
||||
if err != nil {
|
||||
// Not in rpm format, parsing failed.
|
||||
apiError(ctx, http.StatusBadRequest, err)
|
||||
return
|
||||
}
|
||||
defer signedBuf.Close()
|
||||
|
||||
buf = signedBuf
|
||||
}
|
||||
|
||||
pck, err := rpm_module.ParsePackage(buf)
|
||||
|
@ -21,7 +21,6 @@ import (
|
||||
rpm_model "code.gitea.io/gitea/models/packages/rpm"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/json"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
packages_module "code.gitea.io/gitea/modules/packages"
|
||||
rpm_module "code.gitea.io/gitea/modules/packages/rpm"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
@ -30,7 +29,6 @@ import (
|
||||
"github.com/ProtonMail/go-crypto/openpgp"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/armor"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
||||
"github.com/sassoftware/go-rpmutils"
|
||||
)
|
||||
|
||||
// GetOrCreateRepositoryVersion gets or creates the internal repository package
|
||||
@ -643,33 +641,3 @@ func addDataAsFileToRepo(ctx context.Context, pv *packages_model.PackageVersion,
|
||||
OpenSize: wc.Written(),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func SignPackage(rpm *packages_module.HashedBuffer, privateKey string) (*packages_module.HashedBuffer, error) {
|
||||
keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewReader([]byte(privateKey)))
|
||||
if err != nil {
|
||||
// failed to parse key
|
||||
return nil, err
|
||||
}
|
||||
entity := keyring[0]
|
||||
h, err := rpmutils.SignRpmStream(rpm, entity.PrivateKey, nil)
|
||||
if err != nil {
|
||||
// error signing rpm
|
||||
return nil, err
|
||||
}
|
||||
signBlob, err := h.DumpSignatureHeader(false)
|
||||
if err != nil {
|
||||
// error writing sig header
|
||||
return nil, err
|
||||
}
|
||||
if len(signBlob)%8 != 0 {
|
||||
log.Info("incorrect padding: got %d bytes, expected a multiple of 8", len(signBlob))
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// move fp to sign end
|
||||
if _, err := rpm.Seek(int64(h.OriginalSignatureHeaderSize()), io.SeekStart); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// create signed rpm buf
|
||||
return packages_module.CreateHashedBufferFromReader(io.MultiReader(bytes.NewReader(signBlob), rpm))
|
||||
}
|
||||
|
39
services/packages/rpm/sign.go
Normal file
39
services/packages/rpm/sign.go
Normal file
@ -0,0 +1,39 @@
|
||||
// Copyright 2024 The Gitea Authors. All rights reserved.
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package rpm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"strings"
|
||||
|
||||
packages_module "code.gitea.io/gitea/modules/packages"
|
||||
|
||||
"github.com/ProtonMail/go-crypto/openpgp"
|
||||
"github.com/sassoftware/go-rpmutils"
|
||||
)
|
||||
|
||||
func SignPackage(buf *packages_module.HashedBuffer, privateKey string) (*packages_module.HashedBuffer, error) {
|
||||
keyring, err := openpgp.ReadArmoredKeyRing(strings.NewReader(privateKey))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
h, err := rpmutils.SignRpmStream(buf, keyring[0].PrivateKey, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
signBlob, err := h.DumpSignatureHeader(false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if _, err := buf.Seek(int64(h.OriginalSignatureHeaderSize()), io.SeekStart); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// create new buf with signature prefix
|
||||
return packages_module.CreateHashedBufferFromReader(io.MultiReader(bytes.NewReader(signBlob), buf))
|
||||
}
|
Loading…
Reference in New Issue
Block a user