
rpm-4.6.0-14.3mnb2.src.rpm


http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=30635dd4330a192fa2b6e202a0e2490eba599a93

diff -Naurp rpm-4.6.0/lib/header.c rpm-4.6.0.oden/lib/header.c
--- rpm-4.6.0/lib/header.c	2011-10-05 12:38:32.000000000 +0000
+++ rpm-4.6.0.oden/lib/header.c	2011-10-05 13:00:55.000000000 +0000
@@ -379,6 +379,10 @@ static int regionSwab(indexEntry entry,
     struct indexEntry_s ieprev;
 
     memset(&ieprev, 0, sizeof(ieprev));
+
+    if ((entry != NULL && regionid >= 0) || (entry == NULL && regionid != 0))
+	return -1;
+
     for (; il > 0; il--, pe++) {
 	struct indexEntry_s ie;
 	rpmTagType type;
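Review bot: The new guard in regionSwab encodes a calling convention that nothing on these lines explains: a non-NULL `entry` must come with a negative `regionid`, and a NULL `entry` with `regionid == 0`. I would put a comment above it, e.g. `/* region pass: entry set and regionid < 0; plain pass: entry NULL and regionid == 0 */`, so the test is not loosened by accident later. It returns -1 on violation, so every caller has to treat a negative result as failure; the callers are outside this hunk and should be confirmed. regionSwab's body continues past the hunk.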
@@ -903,7 +907,7 @@ Header headerLoad(void * uh)
 
 	{   int off = ntohl(pe->offset);
 
-	    if (hdrchkData(off))
+	    if (hdrchkData(off) || hdrchkRange(dl, off))
 		goto errxit;
 	    if (off) {
 		size_t nb = REGION_TAG_COUNT;
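Review bot: The added `hdrchkRange(dl, off)` bounds only the start of the region trailer, not its end. The branch that follows sets `nb = REGION_TAG_COUNT`; if it then reads `nb` bytes starting at offset `off` in the data area (that code is outside the hunk), an `off` within the last `REGION_TAG_COUNT` bytes would still read past `dl`. Assuming hdrchkRange only rejects offsets outside 0..dl, I would add inside the `if (off)` branch `if (hdrchkRange(dl, off + REGION_TAG_COUNT)) goto errxit;`.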
@@ -962,6 +966,11 @@ Header headerLoad(void * uh)
 	    h->indexUsed += ne;
 	  }
 	}
+
+	rdlen += REGION_TAG_COUNT;
+	/* XXX should be equality test, but dribbles are sometimes a bit off? */
+	if (rdlen > dl || (rdlen < dl && ril == h->indexUsed))
+	    goto errxit;
     }
 
     h->flags &= ~HEADERFLAG_SORTED;
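Review bot: The XXX comment on the new length test says what the check ought to be, but not what it actually accepts. As written, `rdlen > dl` always fails, while `rdlen < dl` fails only when `ril == h->indexUsed`, so a region shorter than the data area is accepted whenever the two counts differ. I would spell that out, e.g. `/* region may not exceed dl; a shorter region is accepted only when ril != h->indexUsed */`, so the tolerated slack reads as a deliberate decision. The enclosing block in headerLoad starts outside the hunk.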
diff -Naurp rpm-4.6.0/rpmio/rpmpgp.c rpm-4.6.0.oden/rpmio/rpmpgp.c
--- rpm-4.6.0/rpmio/rpmpgp.c	2009-01-08 11:34:38.000000000 +0000
+++ rpm-4.6.0.oden/rpmio/rpmpgp.c	2011-10-05 12:49:41.000000000 +0000
@@ -470,6 +470,9 @@ static int pgpPrtSubType(const uint8_t *
 
     while (hlen > 0) {
 	i = pgpLen(p, &plen);
+	if (i + plen > hlen)
+	    break;
+
 	p += i;
 	hlen -= i;
 
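Review bot: The bound `i + plen > hlen` is computed by addition, so it can wrap when `plen` is close to the maximum of its type and then pass the check. The declarations of `i`, `plen` and `hlen` are outside the hunk, so how reachable this is depends on their widths; it matters mainly where the length type is 32 bits. Assuming `plen` and `hlen` are `size_t`, a subtraction form cannot wrap: `if ((size_t)i > hlen || plen > hlen - (size_t)i) break;`. Note also that `pgpLen(p, &plen)` runs before the check, so the bytes it needs to decode the length are read before `hlen` is consulted.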
@@ -552,7 +555,7 @@ static int pgpPrtSubType(const uint8_t *
 	p += plen;
 	hlen -= plen;
     }
-    return 0;
+    return (hlen != 0); /* non-zero hlen is an error */
 }
 
 static const char * const pgpSigRSA[] = {
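Review bot: pgpPrtSubType's return value becomes meaningful with this change, but only the trailing comment on the `return` says so. It now returns 0 when the area was consumed exactly and 1 when bytes are left over, and the later hunks make callers act on it. I would document that on the function itself, e.g. `@return 0 on success, 1 if the subpacket area is malformed`. The start of the function is outside this hunk.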
@@ -711,7 +714,8 @@ fprintf(stderr, "   hash[%zu] -- %s\n",
 	    _digp->hashlen = sizeof(*v) + plen;
 	    _digp->hash = memcpy(xmalloc(_digp->hashlen), v, _digp->hashlen);
 	}
-	(void) pgpPrtSubType(p, plen, v->sigtype, _digp);
+	if (pgpPrtSubType(p, plen, v->sigtype, _digp))
+	    return 1;
 	p += plen;
 
 	plen = pgpGrab(p,2);
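Review bot: The early `return 1` comes after `_digp->hashlen` and `_digp->hash` have already been filled from the hashed area two lines earlier. On a malformed subpacket area the caller therefore gets a failure together with a partially populated `_digp`. Whether callers discard `_digp` on failure is not visible here; either document that requirement or move the copy after the `pgpPrtSubType` check. The same early return in the next hunk (unhashed area) leaves the same state behind, and the enclosing function starts and ends outside the hunk.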
@@ -722,7 +726,8 @@ fprintf(stderr, "   hash[%zu] -- %s\n",
 
 if (_debug && _print)
 fprintf(stderr, " unhash[%zu] -- %s\n", plen, pgpHexStr(p, plen));
-	(void) pgpPrtSubType(p, plen, v->sigtype, _digp);
+	if (pgpPrtSubType(p, plen, v->sigtype, _digp))
+	    return 1;
 	p += plen;
 
 	plen = pgpGrab(p,2);