- Fix crash when parsing corrupted RPM file

- Resolves: #1273360
Lubos Kardos 2015-11-06 16:24:27 +01:00
parent aa8a7b2897
commit f545271021
2 changed files with 64 additions and 1 deletions


@ -0,0 +1,59 @@
From 9c36ca411332d2718eca339e867561c39abc256b Mon Sep 17 00:00:00 2001
From: Lubos Kardos <lkardos@redhat.com>
Date: Fri, 6 Nov 2015 14:49:59 +0100
Subject: [PATCH] Fix crash when parsing corrupted RPM file (rhbz:1273360)
---
lib/legacy.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/lib/legacy.c b/lib/legacy.c
index 422c2b0..8ba7bbd 100644
--- a/lib/legacy.c
+++ b/lib/legacy.c
@@ -25,7 +25,7 @@ static void compressFilelist(Header h)
char ** dirNames;
const char ** baseNames;
uint32_t * dirIndexes;
- rpm_count_t count;
+ rpm_count_t count, realCount = 0;
int i;
int dirIndex = -1;
@@ -58,6 +58,7 @@ static void compressFilelist(Header h)
while ((i = rpmtdNext(&fileNames)) >= 0) {
dirIndexes[i] = dirIndex;
baseNames[i] = rpmtdGetString(&fileNames);
+ realCount++;
}
goto exit;
}
@@ -87,19 +88,20 @@ static void compressFilelist(Header h)
(needle = bsearch(&filename, dirNames, dirIndex + 1, sizeof(dirNames[0]), dncmp)) == NULL) {
char *s = xmalloc(len + 1);
rstrlcpy(s, filename, len + 1);
- dirIndexes[i] = ++dirIndex;
+ dirIndexes[realCount] = ++dirIndex;
dirNames[dirIndex] = s;
} else
- dirIndexes[i] = needle - dirNames;
+ dirIndexes[realCount] = needle - dirNames;
*baseName = savechar;
- baseNames[i] = baseName;
+ baseNames[realCount] = baseName;
+ realCount++;
}
exit:
if (count > 0) {
- headerPutUint32(h, RPMTAG_DIRINDEXES, dirIndexes, count);
- headerPutStringArray(h, RPMTAG_BASENAMES, baseNames, count);
+ headerPutUint32(h, RPMTAG_DIRINDEXES, dirIndexes, realCount);
+ headerPutStringArray(h, RPMTAG_BASENAMES, baseNames, realCount);
headerPutStringArray(h, RPMTAG_DIRNAMES,
(const char **) dirNames, dirIndex + 1);
}
--
1.9.3
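Review bot: The `exit:` block in the last lib/legacy.c hunk still guards the three `headerPut*` calls with `if (count > 0)`, although the index and base-name arrays are now written with `realCount` entries; if every name in a corrupted file list is skipped in the main loop, `realCount` stays 0 and `dirIndex + 1` is 0 as well, so the tags would be added with zero elements. Testing `if (realCount > 0) {` would keep an all-invalid list from producing empty DIRINDEXES/BASENAMES/DIRNAMES entries. Separately, the source-RPM loop in the second hunk increments `realCount` unconditionally and still stores `rpmtdGetString(&fileNames)` at index `i` with no NULL check, so that branch presumably behaves as before if a string can be missing there; worth confirming that the corrupted-entry case can only arise in the main loop. The skip condition itself and the allocation of the three arrays lie outside the visible hunks.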


@ -29,7 +29,7 @@
Summary: The RPM package management system Summary: The RPM package management system
Name: rpm Name: rpm
Version: %{rpmver} Version: %{rpmver}
Release: %{?snapver:0.%{snapver}.}10%{?dist} Release: %{?snapver:0.%{snapver}.}11%{?dist}
Group: System Environment/Base Group: System Environment/Base
Url: http://www.rpm.org/ Url: http://www.rpm.org/
Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2 Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2
@ -61,6 +61,7 @@ Patch105: rpm-4.13.0-rpmdeps-weakdep-support.patch
Patch106: rpm-4.13.0-autopatch-fix.patch Patch106: rpm-4.13.0-autopatch-fix.patch
Patch107: rpm-4.13.0-ignore-sigpipe.patch Patch107: rpm-4.13.0-ignore-sigpipe.patch
Patch108: rpm-4.13.0-unsupported-keys.patch Patch108: rpm-4.13.0-unsupported-keys.patch
Patch109: rpm-4.13.0-fix-crash-on-corrupted.patch
# These are not yet upstream # These are not yet upstream
Patch302: rpm-4.7.1-geode-i686.patch Patch302: rpm-4.7.1-geode-i686.patch
@ -565,6 +566,9 @@ exit 0
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Fri Nov 06 2015 Lubos Kardos <lkardos@rpm.org> - 4.13.0-0.rc1.11
- Fix crash when parsing corrupted RPM file (#1273360)
* Fri Nov 06 2015 Lubos Kardos <lkardos@rpm.org> - 4.13.0-0.rc1.10 * Fri Nov 06 2015 Lubos Kardos <lkardos@rpm.org> - 4.13.0-0.rc1.10
- Fix SIGSEGV in case of old unsupported gpg keys (#1277464) - Fix SIGSEGV in case of old unsupported gpg keys (#1277464)