The following commit has been merged in the master branch: commit 662d97913fe8d9f4aa784ca7595c415c65202148 Author: Guillem Jover <guil...@debian.org> Date: Sat Jun 26 12:17:20 2010 +0200
libdpkg: Check version syntax when parsing Remove the incomplete checkversion() from dpkg-deb as it's now unneeded. Enable test-cases for invalid characters in version and revision parts. Closes: #574704 diff --git a/debian/changelog b/debian/changelog index ab691ad..21b21c0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -56,6 +56,8 @@ dpkg (1.15.8) UNRELEASED; urgency=low Martin Pitt, thanks! Closes: #68788, #68861, #497304, #525567, #583902 * Remove obsolete internal status aliases “postinst-failed” for stat_halfconfigured and “removal-failed” for stat_halfinstalled. + * Check version syntax when parsing it from libdpkg based programs. + Closes: #574704 [ Updated programs translations ] * German (Sven Joachim). diff --git a/dpkg-deb/build.c b/dpkg-deb/build.c index 3eaaf25..03e5966 100644 --- a/dpkg-deb/build.c +++ b/dpkg-deb/build.c @@ -85,19 +85,6 @@ known_arbitrary_field(const struct arbitraryfield *field) return false; } -/* Do a quick check if vstring is a valid versionnumber. Valid in this case - * means it contains at least one digit. If an error is found increment - * *errs. - */ -static void checkversion(const char *vstring, const char *valuename, int *errs) { - const char *p; - if (!vstring || !*vstring) return; - for (p=vstring; *p; p++) if (cisdigit(*p)) return; - fprintf(stderr, _("dpkg-deb - error: %s (`%s') doesn't contain any digits\n"), - valuename, vstring); - (*errs)++; -} - static struct file_info * file_info_new(const char *filename) { @@ -228,7 +215,7 @@ void do_build(const char *const *argv) { struct pkginfo *checkedinfo; struct arbitraryfield *field; FILE *ar, *cf; - int p1[2],p2[2],p3[2], warns, errs, n, c, subdir, gzfd; + int p1[2], p2[2], p3[2], warns, n, c, subdir, gzfd; pid_t c1,c2,c3; struct stat controlstab, datastab, mscriptstab, debarstab; char conffilename[MAXCONFFILENAME+1]; @@ -277,7 +264,7 @@ void do_build(const char *const *argv) { /* Lets start by reading in the control-file so we can check its contents */ strcpy(controlfile, directory); strcat(controlfile, "/" BUILDCONTROLDIR "/" CONTROLFILE); - warns= 0; errs= 0; + warns = 0; parsedb(controlfile, pdb_recordavailable|pdb_rejectstatus, &checkedinfo, stderr, &warns); if (strspn(checkedinfo->name, @@ -297,11 +284,6 @@ void do_build(const char *const *argv) { controlfile, field->name); warns++; } - checkversion(checkedinfo->available.version.version, - _("(upstream) version"), &errs); - checkversion(checkedinfo->available.version.revision, - _("Debian revision"), &errs); - if (errs) ohshit(_("%d errors in control file"),errs); if (subdir) { versionstring= versiondescribe(&checkedinfo->available.version,vdew_never); diff --git a/lib/dpkg/parsehelp.c b/lib/dpkg/parsehelp.c index 928ffb7..5d80213 100644 --- a/lib/dpkg/parsehelp.c +++ b/lib/dpkg/parsehelp.c @@ -245,7 +245,18 @@ const char *parseversion(struct versionrevision *rversion, const char *string) { if (hyphen) *hyphen++ = '\0'; rversion->revision= hyphen ? hyphen : ""; - + + /* Check for invalid chars in version and revision. */ + /* XXX: Would be faster to use something like cisversion and cisrevision. */ + for (ptr = rversion->version; *ptr; ptr++) { + if (!cisdigit(*ptr) && !cisalpha(*ptr) && strchr(".-+~:", *ptr) == NULL) + return _("invalid character in version number"); + } + for (ptr = rversion->revision; *ptr; ptr++) { + if (!cisdigit(*ptr) && !cisalpha(*ptr) && strchr(".-+~", *ptr) == NULL) + return _("invalid character in revision number"); + } + return NULL; } diff --git a/lib/dpkg/test/t-version.c b/lib/dpkg/test/t-version.c index 8355c6d..c7dd035 100644 --- a/lib/dpkg/test/t-version.c +++ b/lib/dpkg/test/t-version.c @@ -136,14 +136,11 @@ test_version_parse(void) test_fail(parseversion(&a, "a:0-0") == NULL); test_fail(parseversion(&a, "A:0-0") == NULL); - /* FIXME: parseversion() should validate input! */ -#if 0 /* Test invalid characters in upstream version. */ test_fail(parseversion(&a, "0:!...@$%&/|\\<>()[]{};,=*^'-0") == NULL); /* Test invalid characters in revision. */ test_fail(parseversion(&a, "0:0...@$%&/|\\<>()[]{};,=*^'") == NULL); -#endif /* FIXME: Complete. */ } -- dpkg's main repository -- To UNSUBSCRIBE, email to debian-dpkg-cvs-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org