RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 11-Apr-2016 11:13:28
Branch: rpm-5_4 Handle: 2016041109132800
Modified files: (Branch: rpm-5_4)
rpm/rpmdb pkgio.c
Log:
- header: fix: ensure il/dl are greater than zero.
Summary:
Revision Changes Path
1.121.2.21 +13 -5 rpm/rpmdb/pkgio.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/rpmdb/pkgio.c
============================================================================
$ cvs diff -u -r1.121.2.20 -r1.121.2.21 pkgio.c
--- rpm/rpmdb/pkgio.c 11 Apr 2016 07:00:16 -0000 1.121.2.20
+++ rpm/rpmdb/pkgio.c 11 Apr 2016 09:13:28 -0000 1.121.2.21
@@ -1072,7 +1072,6 @@
const void * sig = NULL;
rpmVSFlags vsflags = pgpDigVSFlags;
size_t siglen = 0;
- int blen;
rpmuint32_t ril = 0;
const unsigned char * regionEnd = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
@@ -1104,7 +1103,11 @@
/* Is there an immutable header region tag? */
if (entry->info.tag != RPMTAG_HEADERIMMUTABLE) {
- rc = RPMRC_NOTFOUND;
+ if (entry->info.tag < RPMTAG_HEADERI18NTABLE) {
+ (void) snprintf(buf, sizeof(buf),
+ _("region tag: BAD, %s"), entryInfoStr(&entry->info));
+ } else
+ rc = RPMRC_NOTFOUND;
goto exit;
}
@@ -1163,6 +1166,7 @@
switch (entry->info.tag) {
case RPMTAG_SHA1HEADER:
{ const unsigned char * b;
+ int blen;
if (vsflags & RPMVSF_NOSHA1HEADER)
break;
if (entry->info.type != RPM_STRING_TYPE || entry->info.count != 1)
@@ -1478,12 +1482,15 @@
(void) headerGetMagic(NULL, &b, &nb);
if (memcmp(block, b, nb)) {
unsigned char * x = (unsigned char *) block;
- (void) snprintf(buf, sizeof(buf), _("hdr magic: BAD, read
%02x%02x%02x%02x%02x%02x%02x%02x"), x[0], x[1], x[2], x[3], x[4], x[5], x[6],
x[7]);
+ (void) snprintf(buf, sizeof(buf),
+ _("hdr magic: BAD, read %02x%02x%02x%02x%02x%02x%02x%02x"),
+ x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7]);
goto exit;
}
il = (rpmuint32_t)ntohl(block[2]);
- if ((il * sizeof(struct entryInfo_s)) > (st->st_size - startoff -
sizeof(block))
+ if (il < 1
+ || (il * sizeof(struct entryInfo_s)) > (st->st_size - startoff -
sizeof(block))
|| hdrchkTags(il))
{
(void) snprintf(buf, sizeof(buf),
@@ -1493,7 +1500,8 @@
goto exit;
}
dl = (rpmuint32_t)ntohl(block[3]);
- if (dl > (st->st_size - startoff - sizeof(block))
+ if (dl < 1
+ || dl > (st->st_size - startoff - sizeof(block))
|| hdrchkData(dl))
{
(void) snprintf(buf, sizeof(buf),
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
