Sanity check region length on header load

- Region size can't obviously be larger than the containing header, sanity check to avoid crashes from malformed packages. - We should really test for length equality here, but with dribbles the size is sometimes off by three, whatever the reason (bug likely), leaving that investigation for some sunnier day...
author: Panu Matilainen <pmatilai@redhat.com> 2011-10-03 17:49:29 +0300
committer: Panu Matilainen <pmatilai@redhat.com> 2011-10-03 17:59:18 +0300
commit: 472e569562d4c90d7a298080e0052856aa7fa86b (patch)
tree: 4e7ce9d002cc2869c76d3f01dc8abfe5df65d93e /lib/header.c
parent: 30635dd4330a192fa2b6e202a0e2490eba599a93 (diff)
download: librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.tar.gz
librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.tar.bz2
librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/header.c b/lib/header.c
index c77196749..b01d1e48b 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -895,6 +895,11 @@ Header headerLoad(void * uh)
 	    h->indexUsed += ne;
 	  }
 	}
+
+	rdlen += REGION_TAG_COUNT;
+	/* XXX should be equality test, but dribbles are sometimes a bit off? */
+	if (rdlen > dl || (rdlen < dl && ril == h->indexUsed))
+	    goto errxit;
     }
 
     h->flags &= ~HEADERFLAG_SORTED;
author	Panu Matilainen <pmatilai@redhat.com>	2011-10-03 17:49:29 +0300
committer	Panu Matilainen <pmatilai@redhat.com>	2011-10-03 17:59:18 +0300
commit	472e569562d4c90d7a298080e0052856aa7fa86b (patch)
tree	4e7ce9d002cc2869c76d3f01dc8abfe5df65d93e /lib/header.c
parent	30635dd4330a192fa2b6e202a0e2490eba599a93 (diff)
download	librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.tar.gz librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.tar.bz2 librpm-tizen-472e569562d4c90d7a298080e0052856aa7fa86b.zip