From 4fc8e87e31481d66fba9c43c5ef24b5328626bae Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour
Date: Sat, 9 Jan 2021 23:42:56 -0500
Subject: Verify that data does not overlap region trailer

This is already checked for other header entries.

(cherry picked from commit f29c43728c492b1dbfe50136d33bf12f3704d8a0)
---
 lib/header.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/header.c b/lib/header.c
index e59d63744..6e7b6b436 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -292,6 +292,15 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg)
 end = info.offset + len;
 if (hdrchkRange(blob->dl, end) || len <= 0)
 goto err;
+ if (blob->regionTag) {
+ /*
+ * Verify that the data does not overlap the region trailer. The
+ * region trailer is skipped by this loop, so the other checks
+ * don’t catch this case.
+ */
+ if (end > blob->rdl - REGION_TAG_COUNT && info.offset < blob->rdl)
+ goto err;
+ }
 }
 return 0; /* Everything ok */

-- 
cgit v1.2.1
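Review bot: The new overlap test computes `blob->rdl - REGION_TAG_COUNT`, which is only meaningful when `blob->rdl` is at least `REGION_TAG_COUNT`, and nothing in this hunk establishes that. If `REGION_TAG_COUNT` is a `sizeof` expression (its definition is not visible here), the subtraction is done in an unsigned type, so a smaller `rdl` would wrap to a very large value, `end > ...` would be false, and the entry would be accepted without the check having run. Writing the bound without a subtraction avoids depending on that invariant and is equivalent whenever it holds: `if (end + REGION_TAG_COUNT > blob->rdl && info.offset < blob->rdl)`; `end` has just passed `hdrchkRange(blob->dl, end)`, so the addition presumably cannot overflow. If the invariant is guaranteed by the region verification elsewhere, a one-line addition to the comment such as `/* rdl >= REGION_TAG_COUNT is guaranteed once regionTag is set */` would make that explicit. The body of hdrblobVerifyInfo starts before and continues after this hunk, so the types of `end` and `rdl` should be confirmed there.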