projects
/
tools
/
librpm-tizen.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
c6c3643
)
Sanity check region offset in regionSwab()
author
Panu Matilainen
<pmatilai@redhat.com>
Thu, 29 Sep 2011 09:50:57 +0000
(12:50 +0300)
committer
Panu Matilainen
<pmatilai@redhat.com>
Thu, 29 Sep 2011 10:04:56 +0000
(13:04 +0300)
- Region offsets are supposed to be negative when when an entry
is involved, otherwise zero. Fixes some cases of crash'n'burn on
malformed headers having bogus offsets (CVE-2011-3378)
lib/header.c
patch
|
blob
|
history
diff --git
a/lib/header.c
b/lib/header.c
index
5a54e75
..
284be09
100644
(file)
--- a/
lib/header.c
+++ b/
lib/header.c
@@
-381,6
+381,9
@@
static int regionSwab(indexEntry entry, int il, int dl,
const unsigned char * dataEnd,
int regionid)
{
+ if ((entry != NULL && regionid >= 0) || (entry == NULL && regionid != 0))
+ return -1;
+
for (; il > 0; il--, pe++) {
struct indexEntry_s ie;
rpm_tagtype_t type;