fix: prevent segfault if malicious server sends 1 GB of data through ftpNLST.

[platform/upstream/rpm.git] / lib / transaction.c

diff --git a/lib/transaction.c b/lib/transaction.c
index 5c64688..d019de4 100644 (file)
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -30,11 +30,9 @@
 
 #include "debug.h"
 
-/*@access FD_t @*/             /* XXX compared with NULL */
-/*@access Header @*/           /* XXX compared with NULL */
+/*@access Header @*/           /* XXX ts->notify arg1 is void ptr */
 /*@access rpmps @*/    /* XXX need rpmProblemSetOK() */
 /*@access dbiIndexSet @*/
-/*@access rpmdb @*/
 
 /*@access rpmpsm @*/
 
@@ -161,7 +159,7 @@ static fileAction decideFileFate(const rpmts ts,
        if (oFLink && nFLink && !strcmp(oFLink, nFLink))
            return FA_SKIP;     /* identical file, don't bother. */
 /*@=nullpass@*/
-     }
+    }
 
     /*
      * The config file on the disk has been modified, but
@@ -215,6 +213,9 @@ static int handleInstInstalledFiles(const rpmts ts,
        /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
        /*@modifies ts, fi, rpmGlobalMacroContext, fileSystem, internalState @*/
 {
+    uint_32 tscolor = rpmtsColor(ts);
+    uint_32 otecolor, tecolor;
+    uint_32 oficolor, ficolor;
     const char * altNEVR = NULL;
     rpmfi otherFi = NULL;
     int numReplaced = 0;
@@ -235,6 +236,18 @@ static int handleInstInstalledFiles(const rpmts ts,
        mi = rpmdbFreeIterator(mi);
     }
 
+    /* Compute package color. */
+    tecolor = rpmteColor(p);
+    tecolor &= tscolor;
+
+    /* Compute other pkg color. */
+    otecolor = 0;
+    otherFi = rpmfiInit(otherFi, 0);
+    if (otherFi != NULL)
+    while (rpmfiNext(otherFi) >= 0)
+       otecolor |= rpmfiFColor(otherFi);
+    otecolor &= tscolor;
+
     if (otherFi == NULL)
        return 1;
 
@@ -247,9 +260,13 @@ static int handleInstInstalledFiles(const rpmts ts,
 
        otherFileNum = shared->otherFileNum;
        (void) rpmfiSetFX(otherFi, otherFileNum);
+       oficolor = rpmfiFColor(otherFi);
+       oficolor &= tscolor;
 
        fileNum = shared->pkgFileNum;
        (void) rpmfiSetFX(fi, fileNum);
+       ficolor = rpmfiFColor(fi);
+       ficolor &= tscolor;
 
        isCfgFile = ((rpmfiFFlags(otherFi) | rpmfiFFlags(fi)) & RPMFILE_CONFIG);
 
@@ -263,6 +280,8 @@ static int handleInstInstalledFiles(const rpmts ts,
            continue;
 
        if (filecmp(otherFi, fi)) {
+           /* Report conflicts only for packages/files of same color. */
+           if (tscolor == 0 || (tecolor == otecolor && ficolor == oficolor))
            if (reportConflicts) {
                rpmpsAppend(ps, RPMPROB_FILE_CONFLICT,
                        rpmteNEVR(p), rpmteKey(p),
@@ -604,7 +623,7 @@ static void handleOverlappedFiles(const rpmts ts,
 
 assert(otherFi != NULL);
            /* Mark added overlapped non-identical files as a conflict. */
-           if ((rpmtsFilterFlags(ts) & RPMPROB_FILTER_REPLACENEWFILES)
+           if (!(rpmtsFilterFlags(ts) & RPMPROB_FILTER_REPLACENEWFILES)
             && filecmp(otherFi, fi))
            {
                rpmpsAppend(ps, RPMPROB_NEW_FILE_CONFLICT,
@@ -661,8 +680,8 @@ assert(otherFi != NULL);
 /*@=boundswrite@*/
 
        /* Update disk space info for a file. */
-       rpmtsUpdateDSI(ts, fiFps->entry->dev,
-                rpmfiFSize(fi), fi->replacedSizes[i], fixupSize, fi->actions[i]);
+       rpmtsUpdateDSI(ts, fiFps->entry->dev, rpmfiFSize(fi),
+               fi->replacedSizes[i], fixupSize, fi->actions[i]);
 
     }
     ps = rpmpsFree(ps);
@@ -793,16 +812,16 @@ static void skipFiles(const rpmts ts, rpmfi fi)
 
        /* Don't bother with skipped files */
        if (XFA_SKIPPING(fi->actions[i])) {
-           drc[ix]--;  dff[ix] = 1;
+           drc[ix]--; dff[ix] = 1;
            continue;
        }
 
        /* Ignore colored files not in our rainbow. */
        ficolor = rpmfiFColor(fi);
-        if (tscolor && ficolor && !(tscolor & ficolor)) {
+       if (tscolor && ficolor && !(tscolor & ficolor)) {
            drc[ix]--;  dff[ix] = 1;
            fi->actions[i] = FA_SKIPCOLOR;
-            continue;
+           continue;
        }
 
        /*
@@ -845,7 +864,7 @@ static void skipFiles(const rpmts ts, rpmfi fi)
        /*
         * Skip i18n language specific files.
         */
-       if (fi->flangs && languages && *fi->flangs[i]) {
+       if (languages != NULL && fi->flangs != NULL && *fi->flangs[i]) {
            const char **lang, *l, *le;
            for (lang = languages; *lang != NULL; lang++) {
                if (!strcmp(*lang, "all"))
@@ -938,11 +957,13 @@ static void skipFiles(const rpmts ts, rpmfi fi)
        }
     }
 
+/*@-dependenttrans@*/
     if (netsharedPaths) freeSplitString(netsharedPaths);
 #ifdef DYING   /* XXX freeFi will deal with this later. */
     fi->flangs = _free(fi->flangs);
 #endif
     if (languages) freeSplitString((char **)languages);
+/*@=dependenttrans@*/
 }
 /*@=bounds@*/
 /*@=mustmod@*/
@@ -995,14 +1016,15 @@ int rpmtsRun(rpmts ts, rpmps okProbs, rpmprobFilterFlags ignoreSet)
     int numRemoved;
     int xx;
 
-    /* FIXME: what if the same package is included in ts twice? */
+    /* XXX programmer error segfault avoidance. */
+    if (rpmtsNElements(ts) <= 0)
+       return -1;
 
     if (rpmtsFlags(ts) & RPMTRANS_FLAG_NOSCRIPTS)
        (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers));
     if (rpmtsFlags(ts) & RPMTRANS_FLAG_NOTRIGGERS)
        (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransTriggers));
 
-    /* XXX MULTILIB is broken, as packages can and do execute /sbin/ldconfig. */
     if (rpmtsFlags(ts) & RPMTRANS_FLAG_JUSTDB)
        (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers));
 
@@ -1084,6 +1106,12 @@ rpmMessage(RPMMESS_DEBUG, _("sanity checking %d elements\n"), rpmtsNElements(ts)
                                rpmteV(p));
            xx = rpmdbSetIteratorRE(mi, RPMTAG_RELEASE, RPMMIRE_DEFAULT,
                                rpmteR(p));
+           if (tscolor) {
+               xx = rpmdbSetIteratorRE(mi, RPMTAG_ARCH, RPMMIRE_DEFAULT,
+                               rpmteA(p));
+               xx = rpmdbSetIteratorRE(mi, RPMTAG_OS, RPMMIRE_DEFAULT,
+                               rpmteO(p));
+           }
 
            while (rpmdbNextIterator(mi) != NULL) {
                rpmpsAppend(ps, RPMPROB_PKG_INSTALLED,
@@ -1125,6 +1153,7 @@ rpmMessage(RPMMESS_DEBUG, _("sanity checking %d elements\n"), rpmtsNElements(ts)
      * worth the trouble though.
      */
 rpmMessage(RPMMESS_DEBUG, _("computing %d file fingerprints\n"), totalFileCount);
+
     numAdded = numRemoved = 0;
     pi = rpmtsiInit(ts);
     while ((p = rpmtsiNext(pi, 0)) != NULL) {
@@ -1180,6 +1209,7 @@ rpmMessage(RPMMESS_DEBUG, _("computing %d file fingerprints\n"), totalFileCount)
            continue;   /* XXX can't happen */
        fc = rpmfiFC(fi);
 
+       (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0);
        fpLookupList(fpc, fi->dnl, fi->bnl, fi->dil, fc, fi->fps);
        /*@-branchstate@*/
        fi = rpmfiInit(fi, 0);
@@ -1192,6 +1222,8 @@ rpmMessage(RPMMESS_DEBUG, _("computing %d file fingerprints\n"), totalFileCount)
            /*@=dependenttrans@*/
        }
        /*@=branchstate@*/
+       (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), fc);
+
     }
     pi = rpmtsiFree(pi);
 
@@ -1220,6 +1252,7 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
 
        if (fc == 0) continue;
 
+       (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), 0);
        /* Extract file info for all files in this package from the database. */
        matches = xcalloc(fc, sizeof(*matches));
        if (rpmdbFindFpList(rpmtsGetRdb(ts), fi->fps, matches, fc)) {
@@ -1319,6 +1352,7 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
        case TR_REMOVED:
            /*@switchbreak@*/ break;
        }
+       (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_FINGERPRINT), fc);
     }
     pi = rpmtsiFree(pi);
     ps = rpmpsFree(ps);
@@ -1368,6 +1402,7 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
      */
     if (rpmtsFlags(ts) & (RPMTRANS_FLAG_DIRSTASH | RPMTRANS_FLAG_REPACKAGE)) {
        int progress;
+
        progress = 0;
        pi = rpmtsiInit(ts);
        while ((p = rpmtsiNext(pi, 0)) != NULL) {
@@ -1387,9 +1422,11 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
                                7, numRemoved, NULL, ts->notifyData));
 
                NOTIFY(ts, (NULL, RPMCALLBACK_REPACKAGE_PROGRESS, progress,
-                        numRemoved, NULL, ts->notifyData));
+                       numRemoved, NULL, ts->notifyData));
                progress++;
 
+               (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_REPACKAGE), 0);
+
        /* XXX TR_REMOVED needs CPIO_MAP_{ABSOLUTE,ADDDOT} CPIO_ALL_HARDLINKS */
                fi->mapflags |= CPIO_MAP_ABSOLUTE;
                fi->mapflags |= CPIO_MAP_ADDDOT;
@@ -1401,6 +1438,8 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
                fi->mapflags &= ~CPIO_MAP_ADDDOT;
                fi->mapflags &= ~CPIO_ALL_HARDLINKS;
 
+               (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_REPACKAGE), 0);
+
                /*@switchbreak@*/ break;
            }
        }
@@ -1428,11 +1467,13 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
            continue;   /* XXX can't happen */
        
        psm = rpmpsmNew(ts, p, fi);
+assert(psm != NULL);
        psm->unorderedSuccessor =
                (rpmtsiOc(pi) >= rpmtsUnorderedSuccessors(ts, -1) ? 1 : 0);
 
        switch (rpmteType(p)) {
        case TR_ADDED:
+           (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_INSTALL), 0);
 
            pkgKey = rpmteAddedKey(p);
 
@@ -1487,7 +1528,9 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
 
                    fi->fstates = NULL;
                    fi->actions = NULL;
+/*@-nullstate@*/ /* FIX: fi->actions is NULL */
                    fi = rpmfiFree(fi);
+/*@=nullstate@*/
 
                    savep = rpmtsSetRelocateElement(ts, p);
                    fi = rpmfiNew(ts, p->h, RPMTAG_BASENAMES, 1);
@@ -1527,8 +1570,13 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
 
            p->h = headerFree(p->h);
 
+           (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_INSTALL), 0);
+
            /*@switchbreak@*/ break;
+
        case TR_REMOVED:
+           (void) rpmswEnter(rpmtsOp(ts, RPMTS_OP_ERASE), 0);
+
            rpmMessage(RPMMESS_DEBUG, "========== --- %s\n", rpmteNEVR(p));
            /*
             * XXX This has always been a hack, now mostly broken.
@@ -1538,6 +1586,9 @@ rpmMessage(RPMMESS_DEBUG, _("computing file dispositions\n"));
                if (rpmpsmStage(psm, PSM_PKGERASE))
                    ourrc++;
            }
+
+           (void) rpmswExit(rpmtsOp(ts, RPMTS_OP_ERASE), 0);
+
            /*@switchbreak@*/ break;
        }
        xx = rpmdbSync(rpmtsGetRdb(ts));