[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2016-04-19 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   19-Apr-2016 15:23:02
  Branch: rpm-5_4  Handle: 2016041913230200

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- header: re-add trailer copy to avoid alignment issues.

  Summary:
RevisionChanges Path
1.198.2.25  +9  -3  rpm/rpmdb/header.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.24 -r1.198.2.25 header.c
  --- rpm/rpmdb/header.c15 Apr 2016 18:23:56 -  1.198.2.24
  +++ rpm/rpmdb/header.c19 Apr 2016 13:23:02 -  1.198.2.25
  @@ -722,6 +722,7 @@
memcpy(pe+1, src, rdl);
memcpy(te, src + rdl, rdlen);
te += rdlen;
  + /* XXX FIXME: te should be aligned to next 16b boundary? */
   
pe->offset = (rpmint32_t) htonl(te - dataStart);
stei[0] = (rpmuint32_t) pe->tag;
  @@ -738,6 +739,7 @@
memcpy(pe+1, src + sizeof(*pe), ((ril-1) * sizeof(*pe)));
memcpy(te, src + (ril * sizeof(*pe)), 
rdlen+entry->info.count+drlen);
te += rdlen;
  + /* XXX FIXME: te should be aligned to next 16b boundary? */
{
entryInfo se = (entryInfo)src;
rpmint32_t off = (rpmint32_t) ntohl(se->offset);
  @@ -785,6 +787,7 @@
   /* Insure that there are no memcpy underruns/overruns. */
   if (((unsigned char *)pe) != dataStart)
goto errxit;
  +/* XXX FIXME: update len when te is aligned? */
   if unsigned char *)ei)+len) != te)
goto errxit;
   
  @@ -995,8 +998,10 @@
if (off < 0)
goto errxit;
if (off) {
  - rpmuint32_t * stei = (rpmuint32_t *) (dataStart + off);
size_t nb = REGION_TAG_COUNT;
  + /* XXX copy to fix alignment problems */
  +rpmuint32_t * stei = (rpmuint32_t *)
  +  memcpy(alloca(nb), dataStart + off, nb);
if ((off + nb) > dl)
goto errxit;
rdl = (rpmuint32_t)-ntohl(stei[2]); /* negative offset */
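Review bot: The added `memcpy(alloca(nb), dataStart + off, nb)` executes as part of the declaration, ahead of the `if ((off + nb) > dl) goto errxit;` test that follows it, so a region offset close to the end of the data makes the copy read beyond the range that test is guarding before the header is rejected. The old code only formed the pointer at that point and did not dereference it until after the check. Declare `rpmuint32_t * stei;` alone, keep the bounds test where it is, and assign `stei = (rpmuint32_t *) memcpy(alloca(nb), dataStart + off, nb);` immediately after it. The enclosing block starts and ends outside the hunk.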
  @@ -1440,9 +1445,10 @@
t++;
}
if (t > te) {
  + count = 1;
rpmlog(RPMLOG_ERR,
  - _("STRING_ARRAY overrun: tag(%u) entry %p[%u] count reset %u -> 
%u\n"),
  - he->tag, entry->data, (unsigned)entry->length,
  + _("STRING_ARRAY overrun: tag(%u) entry %p[%u] rdlen %u count 
reset %u -> %u\n"),
  + he->tag, entry->data, (unsigned)entry->length, 
(unsigned)entry->rdlen,
entry->info.count, (unsigned)count);
} else
if ((te-t) >= 8) {  /* XXX entry->length +padding */
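Review bot: In the `t > te` branch the array is now truncated with `count = 1;` and a log message, but nothing in the visible lines sets `rc`, so unless that happens outside the hunk the caller is told the copy succeeded for an entry already known to run past its data. If tolerating damaged headers is the intent, say so in a comment at the `count = 1;` line; otherwise add `rc = 0;` beside it. The loop that walks the strings is above the hunk, so by the time this branch runs the scan past `te` has already taken place.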
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2016-04-11 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   12-Apr-2016 00:00:58
  Branch: rpm-5_4  Handle: 2016041122005200

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- header: deal with tag padding, detect STRING_ARRAY
overruns/underruns.

  Summary:
RevisionChanges Path
1.198.2.23  +16 -10 rpm/rpmdb/header.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.22 -r1.198.2.23 header.c
  --- rpm/rpmdb/header.c11 Apr 2016 09:18:28 -  1.198.2.22
  +++ rpm/rpmdb/header.c11 Apr 2016 22:00:52 -  1.198.2.23
  @@ -311,7 +311,7 @@
break;
/* These are like RPM_STRING_TYPE, except they're *always* an array */
/* Compute sum of length of all strings, including nul terminators */
  -case RPM_I18NSTRING_TYPE:
  +case RPM_I18NSTRING_TYPE:/* XXX treat as raw string array. */
   case RPM_STRING_ARRAY_TYPE:
if (onDisk) {
while (count--) {
  @@ -418,8 +418,9 @@
nb = he->c * sizeof(*he->p.ui64p);
break;
   #if !defined(SUPPORT_I18NSTRING_TYPE)
  -case RPM_I18NSTRING_TYPE:
  +case RPM_I18NSTRING_TYPE:/* XXX already done? */
he->t = RPM_STRING_TYPE;
  + he->c = 1;
/*@fallthrough@*/
   #endif
   case RPM_STRING_TYPE:
  @@ -1350,6 +1351,7 @@
*/
   static int copyEntry(const indexEntry entry, HE_t he, int minMem)
   {
  +rpmTagType type = entry->info.type;
   rpmTagCount count = entry->info.count;
   int rc = 1;  /* XXX 1 on success. */
   
  @@ -1397,7 +1399,8 @@
break;
   #if !defined(SUPPORT_I18NSTRING_TYPE)
   case RPM_I18NSTRING_TYPE:
  - he->t = RPM_STRING_TYPE;
  + type = RPM_STRING_TYPE;
  + count = 1;
he->p.str = (char *) entry->data;
break;
   #endif
  @@ -1426,21 +1429,27 @@
memcpy(t, entry->data, entry->length);
t[entry->length-1] = '\0';  /* XXX ensure NUL terminated */
}
  - te = t + entry->length;
  + te = t + entry->length; /* XXX entry->length +padding */
for (i = 0; i < (unsigned) count; i++) {
argv[i] = t;
t = strchr(t, 0);
t++;
}
  - if (t != te)/* XXX ensure full copy */
  + if (t > te) {
  +fprintf(stderr, "*** %s: STRING_ARRAY overrun\n", __FUNCTION__, rc, t, te);
  + rc = 0;
  + } else
  + if ((te-t) >= 8) {  /* XXX entry->length +padding */
  +fprintf(stderr, "*** %s: STRING_ARRAY underrun\n", __FUNCTION__, rc, t, te);
rc = 0;
  + }
   }break;
   
   default:
he->p.ptr = entry->data;
break;
   }
  -he->t = entry->info.type;
  +he->t = type;
   he->c = count;
   return rc;
   }
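Review bot: The overrun test added after the loop can only fire once `strchr(t, 0)` has already scanned beyond `te`, so for an entry with fewer NULs than `count` the read has left the entry's data before `t > te` is evaluated; bounding each step with `memchr` keeps the walk inside `[t, te)`. The forced terminator is written only on the copying path visible here (the other branch is not shown), so data used in place gets no such backstop. Both `fprintf` calls pass `rc, t, te` to a format that has a single `%s`, and they write to stderr from library code where `rpmlog` would be the usual channel. The same unbounded loop appears in the 1.198.2.22 hunk at -1423, and copyEntry's switch begins outside this hunk.

```c
    te = t + entry->length;	/* XXX entry->length +padding */
    for (i = 0; i < (unsigned) count; i++) {
	char * nul = (t < te) ? memchr(t, 0, (size_t)(te - t)) : NULL;
	if (nul == NULL) {	/* data exhausted before count strings were found */
	    rc = 0;
	    break;
	}
	argv[i] = t;
	t = nul + 1;
    }
    /* … unchanged: trailing padding (underrun) check … */
```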
  @@ -1613,7 +1622,6 @@
}
/*@fallthrough@*/
   #endif
  -case RPM_STRING_TYPE:
   default:
rc = copyEntry(entry, he, minMem);
break;
  @@ -1636,9 +1644,7 @@
   int rc = 0;  /* assume success */
   
   switch (he->t) {
  -#if defined(SUPPORT_I18NSTRING_TYPE) /* XXX used while reloading? */
  -case RPM_I18NSTRING_TYPE:
  -#endif
  +case RPM_I18NSTRING_TYPE:/* XXX used while reloading? */
   case RPM_STRING_ARRAY_TYPE:
   {const char ** av = he->p.argv;
rpmTagCount cnt = he->c;
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2016-04-11 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   11-Apr-2016 11:18:28
  Branch: rpm-5_4  Handle: 2016041109182800

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- header: fix: check that STRING_ARRAY has the right number of NUL's in 
blob.
- header: fix: ensure STRING_ARRAY data is NUL terminated.

  Summary:
RevisionChanges Path
1.198.2.22  +5  -0  rpm/rpmdb/header.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.21 -r1.198.2.22 header.c
  --- rpm/rpmdb/header.c10 Apr 2016 22:03:54 -  1.198.2.21
  +++ rpm/rpmdb/header.c11 Apr 2016 09:18:28 -  1.198.2.22
  @@ -1414,6 +1414,7 @@
   {const char ** argv;
size_t nb = count * sizeof(*argv);
char * t;
  + char * te;
unsigned i;
   
if (minMem) {
  @@ -1423,12 +1424,16 @@
he->p.argv = argv = (const char **) DRD_xmalloc(nb + entry->length);
t = (char *) [count];
memcpy(t, entry->data, entry->length);
  + t[entry->length-1] = '\0';  /* XXX ensure NUL terminated */
}
  + te = t + entry->length;
for (i = 0; i < (unsigned) count; i++) {
argv[i] = t;
t = strchr(t, 0);
t++;
}
  + if (t != te)/* XXX ensure full copy */
  + rc = 0;
   }break;
   
   default:
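Review bot: `t[entry->length-1] = '\0';` writes one byte before `t` when `entry->length` is 0, and the (garbled) assignment above it suggests `t` points just past the `argv` slots in the same allocation, so a zero-length entry would clobber a pointer or the byte before the buffer instead of terminating anything. Guard the store, e.g. `if (entry->length > 0) t[entry->length-1] = '\0';`, or reject a zero-length string array before allocating. Whether a zero length can reach this point is not visible in the hunk. Overwriting the final byte also hides a missing terminator, so a log line when that byte was not already NUL would help later diagnosis.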
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2016-04-04 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 20:38:59
  Branch: rpm-5_4  Handle: 2016040418385800

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- remove debugging printf.

  Summary:
RevisionChanges Path
1.198.2.20  +0  -1  rpm/rpmdb/header.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.19 -r1.198.2.20 header.c
  --- rpm/rpmdb/header.c4 Apr 2016 04:16:29 -   1.198.2.19
  +++ rpm/rpmdb/header.c4 Apr 2016 18:38:58 -   1.198.2.20
  @@ -1536,7 +1536,6 @@
} else {
he->p.argv = argv = (const char **) DRD_xmalloc(nb + entry->length);
t = (char *) [count];
  -fprintf(stderr, "*** %s: memcpy(%p, %p, %u)\n", __FUNCTION__, t, 
entry->data, (unsigned)entry->length);
memcpy(t, entry->data, entry->length);
}
/*@=mods@*/
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2016-04-03 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   04-Apr-2016 06:16:29
  Branch: rpm-5_4  Handle: 2016040404162900

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- header: remove the damaged tags assert failure.

  Summary:
RevisionChanges Path
1.198.2.19  +221 -24rpm/rpmdb/header.c
  

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.18 -r1.198.2.19 header.c
  --- rpm/rpmdb/header.c21 Mar 2016 22:08:51 -  1.198.2.18
  +++ rpm/rpmdb/header.c4 Apr 2016 04:16:29 -   1.198.2.19
  @@ -32,13 +32,15 @@
   #endif   /* __cplusplus */
   
   #if defined(SUPPORT_IMPLICIT_TAG_DATA_TYPES)
  -extern void tagTypeValidate(HE_t he)
  +extern void tagTypeValidate(HE_t he, unsigned int flags)
/*@*/;
   #endif
   
   /*@unchecked@*/
   int _hdr_debug = 0;
   
  +static int jbj;
  +
   /** \ingroup header
*/
   /*@-type@*/
  @@ -337,10 +339,6 @@
   size_t length = 0;
   
   switch (type) {
  -#if !defined(SUPPORT_I18NSTRING_TYPE)
  -case RPM_I18NSTRING_TYPE:
  -assert(0);
  -#endif
   case RPM_STRING_TYPE:
if (count != 1)
return 0;
  @@ -353,9 +351,7 @@
break;
/* These are like RPM_STRING_TYPE, except they're *always* an array */
/* Compute sum of length of all strings, including nul terminators */
  -#if defined(SUPPORT_I18NSTRING_TYPE)
   case RPM_I18NSTRING_TYPE:
  -#endif
   case RPM_STRING_ARRAY_TYPE:
if (onDisk) {
while (count--) {
  @@ -1082,9 +1078,10 @@
rpmuint32_t * stei = (rpmuint32_t *)
memcpy(alloca(nb), dataStart + off, nb);
rdl = (rpmuint32_t)-ntohl(stei[2]); /* negative offset */
  -assert((rpmint32_t)rdl >= 0);/* XXX insurance */
  + if (hdrchkData(rdl))
  + goto errxit;
ril = (rpmuint32_t)(rdl/sizeof(*pe));
  - if (hdrchkTags(ril) || hdrchkData(rdl))
  + if (hdrchkTags(ril))
goto errxit;
} else {
ril = il;
  @@ -1425,7 +1422,8 @@
fprintf(stderr, "==> munmap(%p[%u]) error(%d): %s\n",
nuh, (unsigned)pvlen, errno, strerror(errno));
}
  -} else {
  +} else
  +{
nuh = memcpy(xmalloc(pvlen), uh, pvlen);
if ((nh = headerLoad(nuh)) != NULL)
nh->flags |= HEADERFLAG_ALLOCATED;
  @@ -1538,6 +1536,7 @@
} else {
he->p.argv = argv = (const char **) DRD_xmalloc(nb + entry->length);
t = (char *) [count];
  +fprintf(stderr, "*** %s: memcpy(%p, %p, %u)\n", __FUNCTION__, t, 
entry->data, (unsigned)entry->length);
memcpy(t, entry->data, entry->length);
}
/*@=mods@*/
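Review bot: The added `fprintf` is unconditional, so every pass through this branch writes two raw pointers and a length to the stderr of whatever program links the library. Gate it the way the file's other diagnostics are gated, e.g. `if (_hdr_debug) fprintf(stderr, ...);`, or leave it out of the commit. The enclosing function starts outside the hunk.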
  @@ -1695,6 +1694,21 @@
   }
   #endif
   
  +static void
  +dumpEntry(const char *msg, indexEntry entry)
  +{
  +if (msg)
  + fprintf(stderr, " %s %p\n", msg, entry);
  +if (entry)
  +fprintf(stderr, "\tentry tag %d type %d offset %d count %d data 
%p[%u]\n",
  + entry->info.tag,
  + entry->info.type,
  + entry->info.offset,
  + entry->info.count,
  + entry->data,
  + (unsigned)entry->length);
  +}
  +
   /**
* Retrieve tag data from header.
* @param h  header
  @@ -1702,13 +1716,15 @@
* @param flags  headerGet flags
* @return   1 on success, 0 on not found
*/
  -static int intGetEntry(Header h, HE_t he, int flags)
  +static int intGetEntry(Header h, HE_t he, unsigned int flags)
/*@modifies he @*/
   {
   int minMem = 0;
   indexEntry entry;
   int rc;
   
  +if (jbj)
  +fprintf(stderr, "--> %s(%p,%p, 0x%x) tag %d\n", __FUNCTION__, h, he, flags, 
he  ->tag);
   /* First find the tag */
   /*@-mods@*/  /*@ FIX: h modified by sort. */
   entry = findEntry(h, he->tag, (rpmTagType)0);
  @@ -1720,6 +1736,90 @@
return 0;
   }
   
  +/* XXX sanity check on count field */
  +if (entry->info.count > entry->length) {
  + size_t count = entry->info.count;
  + entry->info.count = entry->length;
  +fprintf(stderr, "*** %s: OVERRIDE\ttag %d type %d count %u -> %u\n", 
__FUNCTION__, he->tag, entry->info.type, count, (unsigned)entry->info.count);
  +}
  +
  +/* XXX Hardwire signature header tag type/count. */
  +if (flags & HEADERGET_SIGHEADER || he->tag == RPMTAG_PUBKEYS) {
  +if (jbj)
  +dumpEntry("before", 

[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2014-05-14 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   15-May-2014 01:05:27
  Branch: rpm-5_4  Handle: 2014051423051400

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- coverity #1214080

  Summary:
RevisionChanges Path
1.198.2.10  +1  -0  rpm/rpmdb/header.c
  

  patch -p0 '@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.9 -r1.198.2.10 header.c
  --- rpm/rpmdb/header.c26 Aug 2013 21:35:57 -  1.198.2.9
  +++ rpm/rpmdb/header.c14 May 2014 23:05:14 -  1.198.2.10
  @@ -1398,6 +1398,7 @@
static const int fdno = -1;
static const off_t off = 0;
nuh = mmap(NULL, pvlen, prot, flags, fdno, off);
  +assert(nuh != NULL  nuh != (void *)-1);/* coverity #1214080 */
if (nuh == NULL || nuh == (void *)-1)
fprintf(stderr,
== mmap(%p[%u], 0x%x, 0x%x, %d, 0x%x) error(%d): %s\n,
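Review bot: `assert()` is the wrong tool for an `mmap` failure: the condition can occur at run time (memory or address-space exhaustion), the assert aborts the process when enabled, and under `NDEBUG` it vanishes and leaves only the `fprintf` below, which in the visible lines reports the error without leaving the function. Placing it ahead of the `if` also makes that diagnostic unreachable in assert-enabled builds. Test the documented failure value and fail the call instead, e.g. `if (nuh == MAP_FAILED) { /* report, then take the error return */ }`. What follows the `fprintf` is outside the hunk, so the existing recovery path cannot be judged from here.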
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2013-08-26 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   26-Aug-2013 23:35:58
  Branch: rpm-5_4  Handle: 2013082621355700

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- fix: fix UINT64 assertion.

  Summary:
RevisionChanges Path
1.198.2.9   +1  -1  rpm/rpmdb/header.c
  

  patch -p0 '@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.8 -r1.198.2.9 header.c
  --- rpm/rpmdb/header.c28 Jun 2013 16:57:10 -  1.198.2.8
  +++ rpm/rpmdb/header.c26 Aug 2013 21:35:57 -  1.198.2.9
  @@ -398,7 +398,7 @@
   switch (he-t) {
   case RPM_UINT64_TYPE:
   {rpmuint32_t * tt = (rpmuint32_t *)t;
  -assert(nb == (he-c * sizeof(*tt)));
  +assert(nb == (2 * he-c * sizeof(*tt)));
for (i = 0; i  he-c; i++) {
rpmuint32_t j = 2 * i;
rpmuint32_t b = (rpmuint32_t) htonl(he-p.ui32p[j]);
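Review bot: In the corrected assert, `2 * he->c * sizeof(*tt)` evaluates `2 * he->c` first, in the type of `he->c`; if that is a 32-bit count (its declaration is not visible here) the product can wrap before it is widened to `size_t`, and the comparison is then made against the wrong size. Writing it as `he->c * (2 * sizeof(*tt))` keeps the arithmetic in `size_t`. Because this guards the byte-swap loop that follows, a check that fails the call would hold up better than an assert that compiles out under `NDEBUG`. The loop body continues outside the hunk.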
  @@ .


[CVS] RPM: rpm-5_4: rpm/rpmdb/ header.c

2013-06-28 Thread Jeff Johnson
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  

  Server: rpm5.org Name:   Jeff Johnson
  Root:   /v/rpm/cvs   Email:  j...@rpm5.org
  Module: rpm  Date:   28-Jun-2013 18:57:10
  Branch: rpm-5_4  Handle: 2013062816571000

  Modified files:   (Branch: rpm-5_4)
rpm/rpmdb   header.c

  Log:
- coverity #1035890

  Summary:
RevisionChanges Path
1.198.2.8   +9  -2  rpm/rpmdb/header.c
  

  patch -p0 '@@ .'
  Index: rpm/rpmdb/header.c
  
  $ cvs diff -u -r1.198.2.7 -r1.198.2.8 header.c
  --- rpm/rpmdb/header.c4 Jun 2012 15:10:18 -   1.198.2.7
  +++ rpm/rpmdb/header.c28 Jun 2013 16:57:10 -  1.198.2.8
  @@ -1330,11 +1330,11 @@
   h = NULL ;
   /*@=onlytrans@*/
   if (uh == NULL)
  - return NULL;
  + goto errxit;
   nh = headerLoad(uh);
   if (nh == NULL) {
uh = _free(uh);
  - return NULL;
  + goto errxit;
   }
   nh-flags = ~(HEADERFLAG_MAPPED|HEADERFLAG_RDONLY); /* XXX unnecessary 
*/
   nh-flags |= HEADERFLAG_ALLOCATED;
  @@ -1366,6 +1366,13 @@
   if (_hdr_debug)
   fprintf(stderr, -- h %p  %s: blob %p[%u] flags 0x%x\n, nh, 
__FUNCTION__, nh-blob, (unsigned)nh-bloblen, nh-flags);
   return nh;
  +
  +errxit:
  +digest = _free(digest);
  +baseurl = _free(baseurl);
  +parent = _free(parent);
  +origin = _free(origin);
  +return NULL;
   }
   
   static Header headerMap(const void * uh, int map)
  @@ .