author | Panu Matilainen <pmatilai@redhat.com> | 2017-02-03 11:22:06 +0200 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2017-02-03 11:27:52 +0200 |
commit | 3a07ba3ba6f2c7d594730beefe8235b7eba4af52 (patch) | |
tree | 17233dae3e13025fef04a5804b18e7b729ed2c74 /lib/header.c | |
parent | 90afaf511136262f2f1f3d8ea7f71ce38e35f5d3 (diff) | |
download | rpm-3a07ba3ba6f2c7d594730beefe8235b7eba4af52.tar.gz |
Sanity check header tag values. Like, doh.
There's a check for total number of tags, and their types and all
but absolutely no check for the actual tag numbers. So we end up
accepting negative tags which should not exist. The tag type should
really be uint32_t but that's another can of worms, let's have something
easily backportable for now.
This is enough to fix issues #133, #135, #136, #138 and #139 on the
level of detecting header structural inconsistency.
Diffstat (limited to 'lib/header.c')
-rw-r--r-- | lib/header.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/header.c b/lib/header.c index 14e9b147e..ab721a52c 100644 --- a/lib/header.c +++ b/lib/header.c @@ -129,6 +129,12 @@ static const size_t headerMaxbytes = (256*1024*1024); #define hdrchkTags(_ntags) ((_ntags) & (~HEADER_TAGS_MAX)) /** + * Sanity check on tag values. + * Catches out nasties like negative values and multiple regions. + **/ +#define hdrchkTag(_tag) ((_tag) < HEADER_I18NTABLE) + +/** * Sanity check on type values. */ #define hdrchkType(_type) ((_type) < RPM_MIN_TYPE || (_type) > RPM_MAX_TYPE) @@ -255,6 +261,8 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg) if (end > info.offset) goto err; + if (hdrchkTag(info.tag)) + goto err; if (hdrchkType(info.type)) goto err; if (hdrchkAlign(info.type, info.offset)) |
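Review bot: The new `hdrchkTag(_tag)` macro only rejects negative values while `_tag` is a signed type, and its doc comment does not say so. `((_tag) < HEADER_I18NTABLE)` has no explicit lower bound, so if the tag type is ever changed to uint32_t, as the commit message suggests it should be, a value that is negative today becomes a large positive one and passes this check unnoticed. Please note the signedness assumption in the comment, or add an explicit upper bound so the check survives a type change. The comment also claims the macro catches "multiple regions" without explaining how a single comparison against HEADER_I18NTABLE does that; one sentence stating the reasoning would save the next reader a trip through the tag definitions. Like the neighbouring `hdrchkType`, the macro evaluates to true for an invalid value, which is worth saying in the comment as well.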
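Review bot: In hdrblobVerifyInfo the added `if (hdrchkTag(info.tag)) goto err;` is applied to every entry that reaches this point, and the macro rejects every tag below HEADER_I18NTABLE, so please confirm that a legitimate region entry at the start of the blob is skipped before this check runs; the visible context does not show where the iteration starts, and a short comment here stating that region entries never reach the check would make the intent clear. The check also shares the generic `err` label with the offset, type and alignment checks around it, so a rejected header will not tell the caller that the tag value was the problem unless the error path reports `info.tag`. A regression test feeding a header with a negative tag, as in the issues listed in the commit message, would keep this from silently regressing.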