*/
#define hdrchkRange(_dl, _off) ((_off) < 0 || (_off) > (_dl))
-void headerMergeLegacySigs(Header h, const Header sig)
+void headerMergeLegacySigs(Header h, const Header sigh)
{
HFD_t hfd = (HFD_t) headerFreeData;
HAE_t hae = (HAE_t) headerAddEntry;
const void * ptr;
int xx;
- for (hi = headerInitIterator(sig);
+ for (hi = headerInitIterator(sigh);
headerNextIterator(hi, &tag, &type, &ptr, &count);
ptr = hfd(ptr, type))
{
/*@switchbreak@*/ break;
}
if (ptr == NULL) continue; /* XXX can't happen */
- if (!headerIsEntry(h, tag))
- xx = hae(h, tag, type, ptr, count);
+ if (!headerIsEntry(h, tag)) {
+ if (hdrchkType(type))
+ continue;
+ if (count < 0 || hdrchkData(count))
+ continue;
+ switch(type) {
+ case RPM_NULL_TYPE:
+ continue;
+ /*@notreached@*/ /*@switchbreak@*/ break;
+ case RPM_CHAR_TYPE:
+ case RPM_INT8_TYPE:
+ case RPM_INT16_TYPE:
+ case RPM_INT32_TYPE:
+ if (count != 1)
+ continue;
+ /*@switchbreak@*/ break;
+ case RPM_STRING_TYPE:
+ case RPM_BIN_TYPE:
+ if (count >= 16*1024)
+ continue;
+ /*@switchbreak@*/ break;
+ case RPM_STRING_ARRAY_TYPE:
+ case RPM_I18NSTRING_TYPE:
+ continue;
+ /*@notreached@*/ /*@switchbreak@*/ break;
+ }
+ xx = hae(h, tag, type, ptr, count);
+ }
}
hi = headerFreeIterator(hi);
}
Header headerRegenSigHeader(const Header h, int noArchiveSize)
{
HFD_t hfd = (HFD_t) headerFreeData;
- Header sig = rpmNewSignature();
+ Header sigh = rpmNewSignature();
HeaderIterator hi;
int_32 tag, stag, type, count;
const void * ptr;
/*@switchbreak@*/ break;
}
if (ptr == NULL) continue; /* XXX can't happen */
- if (!headerIsEntry(sig, stag))
- xx = headerAddEntry(sig, stag, type, ptr, count);
+ if (!headerIsEntry(sigh, stag))
+ xx = headerAddEntry(sigh, stag, type, ptr, count);
}
hi = headerFreeIterator(hi);
- return sig;
+ return sigh;
}
/**
/*@=boundsread@*/
int_32 ildl[2];
int_32 pvlen = sizeof(ildl) + (il * sizeof(*pe)) + dl;
- unsigned char * dataStart = (char *) (pe + il);
+ unsigned char * dataStart = (unsigned char *) (pe + il);
indexEntry entry = memset(alloca(sizeof(*entry)), 0, sizeof(*entry));
entryInfo info = memset(alloca(sizeof(*info)), 0, sizeof(*info));
const void * sig = NULL;
/* XXX only V3 signatures for now. */
if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
- _("only V3 signatures can be verified, skipping V%u signature"),
+ _("only V3 signatures can be verified, skipping V%u signature\n"),
dig->signature.version);
rpmtsCleanDig(ts);
goto verifyinfo_exit;
/* XXX only V3 signatures for now. */
if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
- _("only V3 signatures can be verified, skipping V%u signature"),
+ _("only V3 signatures can be verified, skipping V%u signature\n"),
dig->signature.version);
rpmtsCleanDig(ts);
goto verifyinfo_exit;
ei = NULL; /* XXX will be freed with header */
exit:
- if (rc == RPMRC_OK && hdrp)
+ if (rc == RPMRC_OK && hdrp && h)
*hdrp = headerLink(h);
ei = _free(ei);
h = headerFree(h);
msg = NULL;
rc = rpmReadHeader(ts, fd, &h, &msg);
if (rc != RPMRC_OK || h == NULL) {
- rpmError(RPMERR_FREAD, _("%s: headerRead failed: %s\n"), fn, msg);
+ rpmError(RPMERR_FREAD, _("%s: headerRead failed: %s"), fn,
+ (msg && *msg ? msg : "\n"));
msg = _free(msg);
goto exit;
}
/* XXX only V3 signatures for now. */
if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
- _("only V3 signatures can be verified, skipping V%u signature"),
+ _("only V3 signatures can be verified, skipping V%u signature\n"),
dig->signature.version);
rc = RPMRC_OK;
goto exit;
/* XXX only V3 signatures for now. */
if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
- _("only V3 signatures can be verified, skipping V%u signature"),
+ _("only V3 signatures can be verified, skipping V%u signature\n"),
dig->signature.version);
rc = RPMRC_OK;
goto exit;
/* XXX only V3 signatures for now. */
if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
- _("only V3 signatures can be verified, skipping V%u signature"),
+ _("only V3 signatures can be verified, skipping V%u signature\n"),
dig->signature.version);
rc = RPMRC_OK;
goto exit;
/**
* Return length of entry data.
- * @todo Remove sanity check exit's.
* @param type entry data type
* @param p entry data
* @param count entry item count
* @param onDisk data is concatenated strings (with NUL's))?
- * @return no. bytes in data
+ * @param pend pointer to end of data (or NULL)
+ * @return no. bytes in data, -1 on failure
*/
/*@mayexit@*/
-static int dataLength(int_32 type, hPTR_t p, int_32 count, int onDisk)
+static int dataLength(int_32 type, hPTR_t p, int_32 count, int onDisk,
+ hPTR_t pend)
/*@*/
{
+ const unsigned char * s = p;
+ const unsigned char * se = pend;
int length = 0;
switch (type) {
case RPM_STRING_TYPE:
- if (count == 1) { /* Special case -- p is just the string */
- length = strlen(p) + 1;
- break;
+ if (count != 1)
+ return -1;
+ while (*s++) {
+ if (se && s > se)
+ return -1;
+ length++;
}
- /* This should not be allowed */
- /*@-modfilesys@*/
- fprintf(stderr, _("dataLength() RPM_STRING_TYPE count must be 1.\n"));
- /*@=modfilesys@*/
- exit(EXIT_FAILURE);
- /*@notreached@*/ break;
+ length++; /* count nul terminator too. */
+ break;
case RPM_STRING_ARRAY_TYPE:
case RPM_I18NSTRING_TYPE:
- { int i;
-
- /* This is like RPM_STRING_TYPE, except it's *always* an array */
- /* Compute sum of length of all strings, including null terminators */
- i = count;
+ /* These are like RPM_STRING_TYPE, except they're *always* an array */
+ /* Compute sum of length of all strings, including nul terminators */
if (onDisk) {
- const char * chptr = p;
- int thisLen;
-
- while (i--) {
- thisLen = strlen(chptr) + 1;
- length += thisLen;
- chptr += thisLen;
+ while (count--) {
+ length++; /* count nul terminator too */
+ while (*s++) {
+ if (se && s > se)
+ return -1;
+ length++;
+ }
}
} else {
- const char ** src = (const char **)p;
+ const char ** av = (const char **)p;
/*@-boundsread@*/
- while (i--) {
+ while (count--) {
/* add one for null termination */
- length += strlen(*src++) + 1;
+ length += strlen(*av++) + 1;
}
/*@=boundsread@*/
}
- } break;
+ break;
default:
/*@-boundsread@*/
- if (typeSizes[type] != -1) {
- length = typeSizes[type] * count;
- break;
- }
+ if (typeSizes[type] == -1)
+ return -1;
+ length = typeSizes[(type & 0xf)] * count;
/*@=boundsread@*/
- /*@-modfilesys@*/
- fprintf(stderr, _("Data type %d not supported\n"), (int) type);
- /*@=modfilesys@*/
- exit(EXIT_FAILURE);
- /*@notreached@*/ break;
+ if (length < 0 || (se && (s + length) > se))
+ return -1;
+ break;
}
return length;
* @param il no. of entries
* @param dl start no. bytes of data
* @param pe header physical entry pointer (swapped)
- * @param dataStart header data
+ * @param dataStart header data start
+ * @param dataEnd header data end
* @param regionid region offset
* @return no. bytes of data in region, -1 on error
*/
static int regionSwab(/*@null@*/ indexEntry entry, int il, int dl,
- entryInfo pe, char * dataStart, int regionid)
+ entryInfo pe,
+ unsigned char * dataStart,
+ /*@null@*/ const unsigned char * dataEnd,
+ int regionid)
/*@modifies *entry, *dataStart @*/
{
- char * tprev = NULL;
- char * t = NULL;
+ unsigned char * tprev = NULL;
+ unsigned char * t = NULL;
int tdel, tl = dl;
struct indexEntry_s ieprev;
return -1;
ie.info.count = ntohl(pe->count);
ie.info.offset = ntohl(pe->offset);
+
ie.data = t = dataStart + ie.info.offset;
- ie.length = dataLength(ie.info.type, ie.data, ie.info.count, 1);
+ if (dataEnd && t >= dataEnd)
+ return -1;
+
+ ie.length = dataLength(ie.info.type, ie.data, ie.info.count, 1, dataEnd);
+ if (ie.length < 0 || hdrchkData(ie.length))
+ return -1;
+
ie.rdlen = 0;
if (entry) {
/*@-bounds@*/
case RPM_INT32_TYPE:
{ int_32 * it = (int_32 *)t;
- for (; ie.info.count > 0; ie.info.count--, it += 1)
+ for (; ie.info.count > 0; ie.info.count--, it += 1) {
+ if (dataEnd && ((unsigned char *)it) >= dataEnd)
+ return -1;
*it = htonl(*it);
+ }
t = (char *) it;
} /*@switchbreak@*/ break;
case RPM_INT16_TYPE:
{ int_16 * it = (int_16 *) t;
- for (; ie.info.count > 0; ie.info.count--, it += 1)
+ for (; ie.info.count > 0; ie.info.count--, it += 1) {
+ if (dataEnd && ((unsigned char *)it) >= dataEnd)
+ return -1;
*it = htons(*it);
+ }
t = (char *) it;
} /*@switchbreak@*/ break;
/*@=bounds@*/
ril++;
rdlen += entry->info.count;
- count = regionSwab(NULL, ril, 0, pe, t, 0);
+ count = regionSwab(NULL, ril, 0, pe, t, NULL, 0);
if (count != rdlen)
goto errxit;
}
te += entry->info.count + drlen;
- count = regionSwab(NULL, ril, 0, pe, t, 0);
+ count = regionSwab(NULL, ril, 0, pe, t, NULL, 0);
if (count != (rdlen + entry->info.count + drlen))
goto errxit;
}
void * pv = uh;
Header h = NULL;
entryInfo pe;
- char * dataStart;
+ unsigned char * dataStart;
+ unsigned char * dataEnd;
indexEntry entry;
int rdlen;
int i;
/*@-castexpose@*/
pe = (entryInfo) &ei[2];
/*@=castexpose@*/
- dataStart = (char *) (pe + il);
+ dataStart = (unsigned char *) (pe + il);
+ dataEnd = dataStart + dl;
h = xcalloc(1, sizeof(*h));
/*@-assignexpose@*/
/*@-sizeoftype@*/
entry->info.count = REGION_TAG_COUNT;
/*@=sizeoftype@*/
- entry->info.offset = ((char *)pe - dataStart); /* negative offset */
+ entry->info.offset = ((unsigned char *)pe - dataStart); /* negative offset */
/*@-assignexpose@*/
entry->data = pe;
/*@=assignexpose@*/
entry->length = pvlen - sizeof(il) - sizeof(dl);
- rdlen = regionSwab(entry+1, il, 0, pe, dataStart, entry->info.offset);
+ rdlen = regionSwab(entry+1, il, 0, pe, dataStart, dataEnd, entry->info.offset);
#if 0 /* XXX don't check, the 8/98 i18n bug fails here. */
if (rdlen != dl)
goto errxit;
entry++;
h->indexUsed++;
} else {
- int nb = ntohl(pe->count);
int_32 rdl;
int_32 ril;
if (hdrchkData(off))
goto errxit;
if (off) {
+ size_t nb = REGION_TAG_COUNT;
int_32 * stei = memcpy(alloca(nb), dataStart + off, nb);
rdl = -ntohl(stei[2]); /* negative offset */
ril = rdl/sizeof(*pe);
entry->data = pe;
/*@=assignexpose@*/
entry->length = pvlen - sizeof(il) - sizeof(dl);
- rdlen = regionSwab(entry+1, ril-1, 0, pe+1, dataStart, entry->info.offset);
+ rdlen = regionSwab(entry+1, ril-1, 0, pe+1, dataStart, dataEnd, entry->info.offset);
if (rdlen < 0)
goto errxit;
entry->rdlen = rdlen;
int rc;
/* Load dribble entries from region. */
- rc = regionSwab(newEntry, ne, 0, pe+ril, dataStart, rid);
+ rc = regionSwab(newEntry, ne, 0, pe+ril, dataStart, dataEnd, rid);
if (rc < 0)
goto errxit;
rdlen += rc;
/*@=sizeoftype@*/
/*@=bounds@*/
- rc = regionSwab(NULL, ril, 0, pe, dataStart, 0);
+ rc = regionSwab(NULL, ril, 0, pe, dataStart, NULL, 0);
/* XXX 1 on success. */
rc = (rc < 0) ? 0 : 1;
} else {
/**
*/
static void copyData(int_32 type, /*@out@*/ void * dstPtr, const void * srcPtr,
- int_32 c, int dataLength)
+ int_32 cnt, int dataLength)
/*@modifies *dstPtr @*/
{
- const char ** src;
- char * dst;
- int i;
-
switch (type) {
case RPM_STRING_ARRAY_TYPE:
case RPM_I18NSTRING_TYPE:
- /* Otherwise, p is char** */
- i = c;
- src = (const char **) srcPtr;
- dst = dstPtr;
+ { const char ** av = (const char **) srcPtr;
+ char * t = dstPtr;
+
/*@-bounds@*/
- while (i--) {
- if (*src) {
- int len = strlen(*src) + 1;
- memcpy(dst, *src, len);
- dst += len;
- }
- src++;
+ while (cnt-- > 0 && dataLength > 0) {
+ const char * s;
+ if ((s = *av++) == NULL)
+ continue;
+ do {
+ *t++ = *s++;
+ } while (s[-1] && --dataLength > 0);
}
/*@=bounds@*/
- break;
+ } break;
default:
/*@-boundswrite@*/
* @param p entry data
* @param c entry item count
* @retval lengthPtr no. bytes in returned data
- * @return (malloc'ed) copy of entry data
+ * @return (malloc'ed) copy of entry data, NULL on error
*/
-static void * grabData(int_32 type, hPTR_t p, int_32 c,
- /*@out@*/ int * lengthPtr)
+/*@null@*/
+static void *
+grabData(int_32 type, hPTR_t p, int_32 c, /*@out@*/ int * lengthPtr)
/*@modifies *lengthPtr @*/
/*@requires maxSet(lengthPtr) >= 0 @*/
{
- int length = dataLength(type, p, c, 0);
- void * data = xmalloc(length);
+ void * data = NULL;
+ int length;
- copyData(type, data, p, c, length);
+ length = dataLength(type, p, c, 0, NULL);
+ if (length > 0) {
+ data = xmalloc(length);
+ copyData(type, data, p, c, length);
+ }
if (lengthPtr)
*lengthPtr = length;
/*@modifies h @*/
{
indexEntry entry;
+ void * data;
+ int length;
/* Count must always be >= 1 for headerAddEntry. */
if (c <= 0)
return 0;
+ length = 0;
+/*@-boundswrite@*/
+ data = grabData(type, p, c, &length);
+/*@=boundswrite@*/
+ if (data == NULL || length <= 0)
+ return 0;
+
/* Allocate more index space if necessary */
if (h->indexUsed == h->indexAlloced) {
h->indexAlloced += INDEX_MALLOC_SIZE;
entry->info.type = type;
entry->info.count = c;
entry->info.offset = 0;
-/*@-boundswrite@*/
- entry->data = grabData(type, p, c, &entry->length);
-/*@=boundswrite@*/
+ entry->data = data;
+ entry->length = length;
/*@-boundsread@*/
if (h->indexUsed > 0 && tag < h->index[h->indexUsed-1].info.tag)
if (!entry)
return 0;
- length = dataLength(type, p, c, 0);
+ length = dataLength(type, p, c, 0, NULL);
if (ENTRY_IN_REGION(entry)) {
char * t = xmalloc(entry->length + length);
{
indexEntry entry;
void * oldData;
+ void * data;
+ int length;
/* First find the tag */
entry = findEntry(h, tag, type);
if (!entry)
return 0;
+ length = 0;
+ data = grabData(type, p, c, &length);
+ if (data == NULL || length <= 0)
+ return 0;
+
/* make sure entry points to the first occurence of this tag */
while (entry > h->index && (entry - 1)->info.tag == tag)
entry--;
entry->info.count = c;
entry->info.type = type;
- entry->data = grabData(type, p, c, &entry->length);
+ entry->data = data;
+ entry->length = length;
/*@-branchstate@*/
if (ENTRY_IN_REGION(entry)) {
projects / platform / upstream / rpm.git / commitdiff