diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2011-10-03 17:49:29 +0300 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2011-10-03 17:59:18 +0300 |
| commit | 472e569562d4c90d7a298080e0052856aa7fa86b (patch) | |
| tree | 4e7ce9d002cc2869c76d3f01dc8abfe5df65d93e | |
| parent | 30635dd4330a192fa2b6e202a0e2490eba599a93 (diff) | |
| download | librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.tar.gz librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.tar.bz2 librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.zip | |
Sanity check region length on header load
- Region size can't obviously be larger than the containing header,
sanity check to avoid crashes from malformed packages.
- We should really test for length equality here, but with dribbles
the size is sometimes off by three, whatever the reason (bug likely),
leaving that investigation for some sunnier day...
| -rw-r--r-- | lib/header.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/header.c b/lib/header.c index c77196749..b01d1e48b 100644 --- a/lib/header.c +++ b/lib/header.c @@ -895,6 +895,11 @@ Header headerLoad(void * uh) h->indexUsed += ne; } } + + rdlen += REGION_TAG_COUNT; + /* XXX should be equality test, but dribbles are sometimes a bit off? */ + if (rdlen > dl || (rdlen < dl && ril == h->indexUsed)) + goto errxit; } h->flags &= ~HEADERFLAG_SORTED; |