authorPanu Matilainen <Panu Matilainen pmatilai@redhat.com>2011-08-17 08:17:13 +0300
committerPanu Matilainen <Panu Matilainen pmatilai@redhat.com>2011-08-17 08:17:13 +0300
commitdf603a246850aa2b912547ba8f20f34ba1cc3626 (patch)
tree3db0a8df335c25081241106adb1f4cd59cb1f761
parent1a02428e99f357ec2e972253b4518e47e8d071d4 (diff)
Validate query format field width specifier is sane
- Only allow [[-]<number>] in the format field; users have no business telling which format conversion sprintf() should use for tag data. Fixes embarrassing segfaults from things like %s{size}, which rpm has merrily passed on to sprintf() as-is.
-rw-r--r--lib/headerfmt.c8
-rw-r--r--tests/rpmquery.at14
2 files changed, 21 insertions, 1 deletions
diff --git a/lib/headerfmt.c b/lib/headerfmt.c
index 266488a0c..45c52c2b0 100644
--- a/lib/headerfmt.c
+++ b/lib/headerfmt.c
@@ -331,7 +331,13 @@ static int parseFormat(headerSprintfArgs hsa, char * str,
token->u.tag.justOne = 0;
chptr = start;
- while (*chptr && *chptr != '{' && *chptr != '%') chptr++;
+ while (*chptr && *chptr != '{' && *chptr != '%') {
+ if (!risdigit(*chptr) && *chptr != '-') {
+ hsa->errmsg = _("invalid field width");
+ goto errxit;
+ }
+ chptr++;
+ }
if (!*chptr || *chptr == '%') {
hsa->errmsg = _("missing { after %");
goto errxit;
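Review bot: The added check accepts `-` at any position and any number of times, so a field such as `%1-2{size}` or `%--5{size}` still passes and the width string reaches whatever later splices it into a printf-style format (that code is outside the hunk), leaving a malformed conversion spec exactly like the one this commit sets out to reject. Restricting the sign to a single leading position closes that gap: `if (*chptr == '-') chptr++;` before the loop, and `if (!risdigit(*chptr)) {` as the loop test. No bound is placed on the width digits either, so an arbitrarily large width is accepted as-is; whether that matters depends on how the output buffer is sized by the caller, which is not visible here. parseFormat's body continues on both sides of the hunk.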
diff --git a/tests/rpmquery.at b/tests/rpmquery.at
index 021b166b8..5a7470f7e 100644
--- a/tests/rpmquery.at
+++ b/tests/rpmquery.at
@@ -385,3 +385,17 @@ runroot rpm \
[(not a number)],
[])
AT_CLEANUP
+
+# ------------------------------
+AT_SETUP([invalid format width query])
+AT_KEYWORDS([query])
+AT_CHECK([
+runroot rpm \
+ --queryformat="%ss{size}" \
+ -qp /data/RPMS/foo-1.0-1.noarch.rpm
+],
+[0],
+[],
+[error: incorrect format: invalid field width
+])
+AT_CLEANUP
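Review bot: The new case exercises only a letter in the width field (`%ss{size}`); nothing pins the form the check is meant to keep accepting, so a regression that starts rejecting `%-10{size}` would pass this suite unnoticed. A companion AT_CHECK using `--queryformat="%-10{size}"` that expects status 0, the padded size on stdout and empty stderr would cover the accepted path. The expected exit status here is `[0]` for a reported `incorrect format` error; if that mirrors rpm's existing behaviour for query-format errors it is consistent, otherwise it is worth confirming against the neighbouring cases.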