packages/rpm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rpm/backport-Verify-that-data-does-not-overlap-region-trailer.patch
renxichen 96149841b7 sync patches from upstream
2022-11-03 16:53:48 +08:00

34 lines
986 B
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From f29c43728c492b1dbfe50136d33bf12f3704d8a0 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demiobenour@gmail.com>
Date: Sat, 9 Jan 2021 23:42:56 -0500
Subject: [PATCH] Verify that data does not overlap region trailer
This is already checked for other header entries.
---
lib/header.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/lib/header.c b/lib/header.c
index 0c450bea2..fc52c3178 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -292,6 +292,15 @@ static rpmRC hdrblobVerifyInfo(hdrblob blob, char **emsg)
end = info.offset + len;
if (hdrchkRange(blob->dl, end) || len <= 0)
goto err;
+ if (blob->regionTag) {
+ /*
+ * Verify that the data does not overlap the region trailer. The
+ * region trailer is skipped by this loop, so the other checks
+ * dont catch this case.
+ */
+ if (end > blob->rdl - REGION_TAG_COUNT && info.offset < blob->rdl)
+ goto err;
+ }
}
return 0; /* Everything ok */
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink