diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2021-03-10 14:13:36 +0200 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2021-03-11 10:58:48 +0200 |
| commit | 07858c0d60cb3d19f977aed14842fd7fbf66528f (patch) | |
| tree | 604f535940b3f5acf3eaf54107a6b8f0c2e7b4bc /python | |
| parent | 6d61b7118adcc14631b7ee5163a481472af940b8 (diff) | |
| download | rpm-07858c0d60cb3d19f977aed14842fd7fbf66528f.tar.gz | |
Eliminate remaining uses of unsafe headerCopyLoad() in the codebase
There's no way to safely validate an object to which only a void
pointer is given. Use headerImport() and pass a size to make
verification possible, headerCopyLoad() has been long deprecated anyway.
Diffstat (limited to 'python')
| -rw-r--r-- | python/header-py.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/python/header-py.c b/python/header-py.c index af7d33d0a..7750c37d6 100644 --- a/python/header-py.c +++ b/python/header-py.c @@ -381,7 +381,10 @@ static PyObject *hdr_new(PyTypeObject *subtype, PyObject *args, PyObject *kwds) } else if (hdrObject_Check(obj)) { h = headerCopy(((hdrObject*) obj)->h); } else if (PyBytes_Check(obj)) { - h = headerCopyLoad(PyBytes_AsString(obj)); + Py_ssize_t len = 0; + char *blob = NULL; + if (PyBytes_AsStringAndSize(obj, &blob, &len) == 0) + h = headerImport(blob, len, HEADERIMPORT_COPY); } else if (rpmfdFromPyObject(obj, &fdo)) { Py_BEGIN_ALLOW_THREADS; h = headerRead(rpmfdGetFd(fdo), HEADER_MAGIC_YES); |