rpms/rpm
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix invalid memory access on %transfiletriggerpostun (#1284645)

Browse Source
This commit is contained in:
Panu Matilainen 2016-11-07 15:09:30 +02:00
parent 9e615fd4e0
commit d3306a5d53
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
rpm-4.13.x-transfiletriggerpostun-invalid-read.patch Normal file
View File

@ -0,0 +1,40 @@
From f6521c50f6836374a0f7995f8f393aaf36e178ea Mon Sep 17 00:00:00 2001
Message-Id: <f6521c50f6836374a0f7995f8f393aaf36e178ea.1478522529.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 7 Nov 2016 13:38:39 +0200
Subject: [PATCH] Fix %transfiletriggerpostun undeterministic behavior
(RhBug:1284645)
Keys from rpmdbIndexIteratorNext() are not necessarily \0-terminated,
buyer beware.
Sometimes you get lucky, but in particular when built as PIE (such as
by default in Fedora) this falls over consistently.
In Fedora this has been hidden by the fact that test suite has been
disabled because its been so broken with fakechroot until recently,
and without PIE the testsuite regularly passes. Valgrind does
complain though.
---
lib/rpmtriggers.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
index a8612c0..ca22a6b 100644
--- a/lib/rpmtriggers.c
+++ b/lib/rpmtriggers.c
@@ -114,8 +114,11 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
/* Iterate over file triggers in rpmdb */
while ((rpmdbIndexIteratorNext(ii, &key, &keylen)) == 0) {
+ char pfx[keylen + 1];
+ memcpy(pfx, key, keylen);
+ pfx[keylen] = '\0';
/* Check if file trigger matches any file in this te */
- rpmfi fi = rpmfilesFindPrefix(files, key);
+ rpmfi fi = rpmfilesFindPrefix(files, pfx);
if (rpmfiFC(fi) > 0) {
/* If yes then store it */
rpmdbAppendIterator(mi, rpmdbIndexIteratorPkgOffsets(ii),
--
2.7.4

7
rpm.spec
View File

@ -29,7 +29,7 @@
Summary: The RPM package management system Summary: The RPM package management system
Name: rpm Name: rpm
Version: %{rpmver} Version: %{rpmver}
Release: %{?snapver:0.%{snapver}.}2%{?dist} Release: %{?snapver:0.%{snapver}.}3%{?dist}
Group: System Environment/Base Group: System Environment/Base
Url: http://www.rpm.org/ Url: http://www.rpm.org/
Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2 Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
@ -52,6 +52,8 @@ Patch4: rpm-4.8.1-use-gpg2.patch
Patch5: rpm-4.12.0-rpm2cpio-hack.patch Patch5: rpm-4.12.0-rpm2cpio-hack.patch
# Patches already upstream: # Patches already upstream:
Patch100: rpm-4.13.x-transfiletriggerpostun-invalid-read.patch
Patch133: rpm-4.13.x-pythondistdeps.patch Patch133: rpm-4.13.x-pythondistdeps.patch
Patch134: rpm-4.13.x-pythondistdeps-Makefile.patch Patch134: rpm-4.13.x-pythondistdeps-Makefile.patch
Patch135: rpm-4.13.x-pythondistdeps-fileattr.patch Patch135: rpm-4.13.x-pythondistdeps-fileattr.patch
@ -556,6 +558,9 @@ exit 0
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Mon Nov 07 2016 Panu Matilainen <pmatilai@redhat.com> - 4.13.0-3
- Fix invalid memory access on %transfiletriggerpostun (#1284645)
* Fri Nov 04 2016 Thierry Vignaud <tvignaud@redhat.com> - 4.13.0-2 * Fri Nov 04 2016 Thierry Vignaud <tvignaud@redhat.com> - 4.13.0-2
- Fix package name references in python sub-packages to match reality - Fix package name references in python sub-packages to match reality
- Re-enable test-suite now that it works again - Re-enable test-suite now that it works again