diff options
| author | Demi Marie Obenour <demiobenour@gmail.com> | 2021-01-09 23:42:56 -0500 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2021-03-22 12:04:27 +0200 |
| commit | 4fc8e87e31481d66fba9c43c5ef24b5328626bae (patch) | |
| tree | 6cafb95c9013e92db4fb01a11697d34c7b806c89 | |
| parent | ea2ae5e908f3a1efb09ecde487184a38e1602211 (diff) | |
| download | rpm-4fc8e87e31481d66fba9c43c5ef24b5328626bae.tar.gz | |
Verify that data does not overlap region trailer
This is already checked for other header entries.
(cherry picked from commit f29c43728c492b1dbfe50136d33bf12f3704d8a0)
| -rw-r--r-- | lib/header.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/header.c b/lib/header.c index e59d63744..6e7b6b436 100644 --- a/lib/header.c +++ b/lib/header.c @@ -292,6 +292,15 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg) end = info.offset + len; if (hdrchkRange(blob->dl, end) || len <= 0) goto err; + if (blob->regionTag) { + /* + * Verify that the data does not overlap the region trailer. The + * region trailer is skipped by this loop, so the other checks + * don’t catch this case. + */ + if (end > blob->rdl - REGION_TAG_COUNT && info.offset < blob->rdl) + goto err; + } } return 0; /* Everything ok */ |