Control: reassign -1 reprepro 5.3.0-1
Control: retitle -1 reprepro imposes arbitrary limits on control files that are
successfully parsed by other debian tools
Ximin Luo:
> [..]
> I'll take a look at reprepro in the next 2-3 weeks; arbitrary limits like
> 256K should be pretty easy to fix (have you tried simply configuring the BDB
> limits?).

The relevant code in reprepro is indexfile.c

line 66:

    f->size = 256*1024;

Changing this to something like 4MB would be a short hacky fix to the current
issue; I don't think even the extreme Rust examples have a 4MB control field
yet.

A long-term fix would be to fix this:

line 151-166:

    if (f->size - f->ofs <= 2048) {
        /* Adding code to enlarge the buffer in this case
         * is risky as hard to test properly.
         *
         * Also it is almost certainly caused by some
         * mis-representation of the file or perhaps
         * some attack. Requesting all existing memory in
         * those cases does not sound very useful. */
        fprintf(stderr,
                "Error parsing %s line %d: Ridiculous long (>= 256K) control chunk!\n",
                f->filename,
                f->startlinenumber);
        f->failed = true;
        return RET_ERROR;
    }

One reasonable option would be to rip out this code and use whatever dpkg
itself is using to parse the fields.
X
--
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
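
A bounded alternative to the fixed 256K buffer discussed in the message above, as an added example that is neither reprepro's code nor the message author's: the buffer doubles whenever free space drops to 2048 bytes, but only up to a hard cap, so an oversized chunk is still rejected instead of consuming all memory. The names `chunkbuf`, `chunkbuf_reserve`, `read_control_chunk` and `parse_sample`, the `max` cap and the sample stanza are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_INITIAL (256 * 1024)  /* size set at indexfile.c line 66 */
#define CHUNK_HEADROOM 2048         /* free space the quoted check requires */
struct chunkbuf { char *data; size_t size, ofs, max; }; /* max: hard cap (assumed) */

/* Keep more than CHUNK_HEADROOM bytes free; double the buffer, never past max. */
static int chunkbuf_reserve(struct chunkbuf *b) {
    while (b->size - b->ofs <= CHUNK_HEADROOM) {
        size_t n = b->size ? b->size * 2 : CHUNK_INITIAL;
        if (n > b->max || n < b->size) n = b->max;  /* clamp, also on overflow */
        char *p = n > b->size ? realloc(b->data, n) : NULL;
        if (p == NULL) return -1;  /* cap reached or out of memory: reject */
        b->data = p;
        b->size = n;
    }
    return 0;
}
/* Read one chunk (ends at a blank line or EOF); return its length or -1. */
static long read_control_chunk(FILE *in, struct chunkbuf *b) {
    b->ofs = 0;
    for (;;) {
        if (chunkbuf_reserve(b) != 0) return -1;
        char *line = b->data + b->ofs;
        if (fgets(line, (int)(b->size - b->ofs), in) == NULL) break;
        size_t n = strlen(line);
        /* "\n" counts as a blank line only when it starts a new line */
        if (n == 1 && line[0] == '\n' && (b->ofs == 0 || line[-1] == '\n')) break;
        b->ofs += n;
    }
    b->data[b->ofs] = '\0';
    return (long)b->ofs;
}
/* Constructed sample: one stanza whose Depends field is field_len bytes. */
static long parse_sample(size_t field_len, size_t max) {
    struct chunkbuf b = { NULL, 0, 0, max };
    FILE *f = tmpfile();
    if (f == NULL) return -2;
    fputs("Package: demo\nDepends: ", f);
    for (size_t i = 0; i < field_len; i++) fputc('x', f);
    fputs("\n\nPackage: next\n", f);
    rewind(f);
    long len = read_control_chunk(f, &b);
    fclose(f);
    free(b.data);
    return len;
}
int main(void) {  /* a 4MB cap accepts the 300000-byte field, a 256K cap rejects it */
    printf("%ld %ld\n", parse_sample(300000, 4u << 20), parse_sample(300000, CHUNK_INITIAL));
}
```

With the cap left at the initial size the function behaves like the existing check; raising it changes only how far the buffer may grow before the chunk is refused.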