The following commit has been merged in the master branch:
commit 305711244e4ed72ff2fac0cb061d30ea7c0276cc
Author: Guillem Jover <guil...@debian.org>
Date:   Mon Jun 25 11:24:26 2012 +0200

    libdpkg: Detect ar header fields truncation

    Do not allow building archives with truncated fields which would not
    correspond to the packed member information, either the name being too
    long or the size being too large.

    Closes: #678933

diff --git a/debian/changelog b/debian/changelog index eb3ef9e..bdf91b5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -30,6 +30,8 @@ dpkg (1.16.5) UNRELEASED; urgency=low * Add new start-stop-daemon --no-close option to disable closing file descriptors on --background. Closes: #627333, #64642 * Switch source compression to xz. + * Detect ar header fields truncation due to too long member names or too + large member sizes. Closes: #678933 [ Updated dpkg translations ] * Swedish (Peter Krefting). diff --git a/lib/dpkg/ar.c b/lib/dpkg/ar.c index 5cdee16..50bca12 100644 --- a/lib/dpkg/ar.c +++ b/lib/dpkg/ar.c @@ -94,6 +94,11 @@ dpkg_ar_member_put_header(const char *ar_name, int ar_fd, char header[sizeof(struct ar_hdr) + 1]; int n; + if (strlen(name) > 15) + ohshit(_("ar member name '%s' length too long"), name); + if (size > 9999999999L) + ohshit(_("ar member size %jd too large"), size); + n = sprintf(header, "%-16s%-12lu0 0 100644 %-10jd`\n", name, time(NULL), (intmax_t)size); if (n != sizeof(struct ar_hdr))

-- 
dpkg's main repository
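
Review bot: In the lib/dpkg/ar.c hunk, the new size error path passes `size` to ohshit() for a `%jd` conversion without a cast, while the sprintf() call right below it passes `(intmax_t)size`; unless `size` is already an intmax_t the variadic argument will not match the format on platforms where the two types differ, so the error call should use `(intmax_t)size` too. The bounds 15 and 9999999999L are bare literals coupled to the `%-16s` and `%-10jd` widths in the format string: the size bound matches the ten-digit field, but the name bound is one less than the 16-column field and nothing in the hunk says why, so a short comment or constants derived from the struct ar_hdr field sizes would keep the checks and the format from drifting apart. The `L` suffix on 9999999999L also depends on the compiler widening the constant where long is 32 bits; writing the comparison in intmax_t would make that explicit.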