The following commit has been merged in the master branch:
commit 662d97913fe8d9f4aa784ca7595c415c65202148
Author: Guillem Jover <guil...@debian.org>
Date:   Sat Jun 26 12:17:20 2010 +0200

    libdpkg: Check version syntax when parsing
    
    Remove the incomplete checkversion() from dpkg-deb as it's now unneeded.
    Enable test-cases for invalid characters in version and revision parts.
    
    Closes: #574704

diff --git a/debian/changelog b/debian/changelog
index ab691ad..21b21c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -56,6 +56,8 @@ dpkg (1.15.8) UNRELEASED; urgency=low
     Martin Pitt, thanks! Closes: #68788, #68861, #497304, #525567, #583902
   * Remove obsolete internal status aliases “postinst-failed” for
     stat_halfconfigured and “removal-failed” for stat_halfinstalled.
+  * Check version syntax when parsing it from libdpkg based programs.
+    Closes: #574704
 
   [ Updated programs translations ]
   * German (Sven Joachim).
diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c
index 3eaaf25..03e5966 100644
--- a/dpkg-deb/build.c
+++ b/dpkg-deb/build.c
@@ -85,19 +85,6 @@ known_arbitrary_field(const struct arbitraryfield *field)
   return false;
 }
 
-/* Do a quick check if vstring is a valid versionnumber. Valid in this case
- * means it contains at least one digit. If an error is found increment
- * *errs.
- */
-static void checkversion(const char *vstring, const char *valuename, int 
*errs) {
-  const char *p;
-  if (!vstring || !*vstring) return;
-  for (p=vstring; *p; p++) if (cisdigit(*p)) return;
-  fprintf(stderr, _("dpkg-deb - error: %s (`%s') doesn't contain any 
digits\n"),
-          valuename, vstring);
-  (*errs)++;
-}
-
 static struct file_info *
 file_info_new(const char *filename)
 {
@@ -228,7 +215,7 @@ void do_build(const char *const *argv) {
   struct pkginfo *checkedinfo;
   struct arbitraryfield *field;
   FILE *ar, *cf;
-  int p1[2],p2[2],p3[2], warns, errs, n, c, subdir, gzfd;
+  int p1[2], p2[2], p3[2], warns, n, c, subdir, gzfd;
   pid_t c1,c2,c3;
   struct stat controlstab, datastab, mscriptstab, debarstab;
   char conffilename[MAXCONFFILENAME+1];
@@ -277,7 +264,7 @@ void do_build(const char *const *argv) {
     /* Lets start by reading in the control-file so we can check its contents 
*/
     strcpy(controlfile, directory);
     strcat(controlfile, "/" BUILDCONTROLDIR "/" CONTROLFILE);
-    warns= 0; errs= 0;
+    warns = 0;
     parsedb(controlfile, pdb_recordavailable|pdb_rejectstatus,
             &checkedinfo, stderr, &warns);
     if (strspn(checkedinfo->name,
@@ -297,11 +284,6 @@ void do_build(const char *const *argv) {
               controlfile, field->name);
       warns++;
     }
-    checkversion(checkedinfo->available.version.version,
-                 _("(upstream) version"), &errs);
-    checkversion(checkedinfo->available.version.revision,
-                 _("Debian revision"), &errs);
-    if (errs) ohshit(_("%d errors in control file"),errs);
 
     if (subdir) {
       versionstring= 
versiondescribe(&checkedinfo->available.version,vdew_never);
diff --git a/lib/dpkg/parsehelp.c b/lib/dpkg/parsehelp.c
index 928ffb7..5d80213 100644
--- a/lib/dpkg/parsehelp.c
+++ b/lib/dpkg/parsehelp.c
@@ -245,7 +245,18 @@ const char *parseversion(struct versionrevision *rversion, 
const char *string) {
   if (hyphen)
     *hyphen++ = '\0';
   rversion->revision= hyphen ? hyphen : "";
-  
+
+  /* Check for invalid chars in version and revision. */
+  /* XXX: Would be faster to use something like cisversion and cisrevision. */
+  for (ptr = rversion->version; *ptr; ptr++) {
+    if (!cisdigit(*ptr) && !cisalpha(*ptr) && strchr(".-+~:", *ptr) == NULL)
+      return _("invalid character in version number");
+  }
+  for (ptr = rversion->revision; *ptr; ptr++) {
+    if (!cisdigit(*ptr) && !cisalpha(*ptr) && strchr(".-+~", *ptr) == NULL)
+      return _("invalid character in revision number");
+  }
+
   return NULL;
 }
 
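Review bot: The two new loops in parseversion() only reject characters outside the allowed sets and never require a digit, so the rule enforced by the checkversion() that this commit removes from dpkg-deb/build.c (a non-empty version or revision must contain at least one digit) appears to be dropped rather than moved into the parser. Unless code above the hunk already covers it, a control file whose version is, say, `abc` (constructed example) is now accepted at build time, and an empty version or revision passes both loops trivially. To keep the old guarantee, record it in the first loop with `if (cisdigit(*ptr)) has_digit = true;` and follow the loop with `if (!has_digit) return _("version number doesn't contain any digits");` (with `has_digit` declared as a local), and do the same for a non-empty revision. The revision set also lists `-`, which looks unreachable if the revision is whatever follows the last hyphen. That split and the start of the function are outside the hunk, so both points should be confirmed against the full body.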
diff --git a/lib/dpkg/test/t-version.c b/lib/dpkg/test/t-version.c
index 8355c6d..c7dd035 100644
--- a/lib/dpkg/test/t-version.c
+++ b/lib/dpkg/test/t-version.c
@@ -136,14 +136,11 @@ test_version_parse(void)
        test_fail(parseversion(&a, "a:0-0") == NULL);
        test_fail(parseversion(&a, "A:0-0") == NULL);
 
-       /* FIXME: parseversion() should validate input! */
-#if 0
        /* Test invalid characters in upstream version. */
        test_fail(parseversion(&a, "0:!...@$%&/|\\<>()[]{};,=*^'-0") == NULL);
 
        /* Test invalid characters in revision. */
        test_fail(parseversion(&a, "0:0...@$%&/|\\<>()[]{};,=*^'") == NULL);
-#endif
 
        /* FIXME: Complete. */
 }
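Review bot: Each of the two re-enabled assertions packs every invalid character into a single string, so it passes as soon as parseversion() rejects any one of them and would not notice a character wrongly added to the allowed set later. Iterating over the characters and asserting one version string per character, and likewise one per revision, would pin the whole set. Embedded whitespace, control bytes and bytes above 0x7f are not covered either, and those are the inputs most likely to reach this parser from an untrusted control file. A comment such as `/* Each byte outside [A-Za-z0-9.+~:-] must be rejected on its own. */` above the loop would state the intent. test_version_parse() starts outside the hunk.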

-- 
dpkg's main repository

