RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 11-Apr-2016 11:18:28
Branch: rpm-5_4 Handle: 2016041109182800
Modified files: (Branch: rpm-5_4)
rpm/rpmdb header.c
Log:
- header: fix: check that STRING_ARRAY has the right number of NUL's in
blob.
- header: fix: ensure STRING_ARRAY data is NUL terminated.
Summary:
Revision Changes Path
1.198.2.22 +5 -0 rpm/rpmdb/header.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/rpmdb/header.c
============================================================================
$ cvs diff -u -r1.198.2.21 -r1.198.2.22 header.c
--- rpm/rpmdb/header.c 10 Apr 2016 22:03:54 -0000 1.198.2.21
+++ rpm/rpmdb/header.c 11 Apr 2016 09:18:28 -0000 1.198.2.22
@@ -1414,6 +1414,7 @@
{ const char ** argv;
size_t nb = count * sizeof(*argv);
char * t;
+ char * te;
unsigned i;
if (minMem) {
@@ -1423,12 +1424,16 @@
he->p.argv = argv = (const char **) DRD_xmalloc(nb + entry->length);
t = (char *) &argv[count];
memcpy(t, entry->data, entry->length);
+ t[entry->length-1] = '\0'; /* XXX ensure NUL terminated */
}
+ te = t + entry->length;
for (i = 0; i < (unsigned) count; i++) {
argv[i] = t;
t = strchr(t, 0);
t++;
}
+ if (t != te) /* XXX ensure full copy */
+ rc = 0;
} break;
default:
@@ .
______________________________________________________________________
RPM Package Manager http://rpm5.org
CVS Sources Repository rpm-cvs@rpm5.org
