Don't assume rpmteNew() always succeeds, part III

- Return error from verifyscript if rpmteNew() fails. This can't
  currently happen but handling this error makes it possible to
  do sanity checks on the header contents, such as file list integrity etc.
  Unlikely to occur for installed packages, but verify can be run
  on non-installed packages as well, where failure is more of a possibility.

diff --git a/lib/verify.c b/lib/verify.c
index 48f749c..21289d1 100644 (file)
--- a/lib/verify.c
+++ b/lib/verify.c
@@ -263,12 +263,17 @@ static int rpmVerifyScript(rpmts ts, Header h)
     if (headerIsEntry(h, RPMTAG_VERIFYSCRIPT)) {
        /* fake up a erasure transaction element */
        rpmte p = rpmteNew(ts, h, TR_REMOVED, NULL, NULL);
-       rpmteSetHeader(p, h);
 
-       rc = (rpmpsmRun(ts, p, PKG_VERIFY) != RPMRC_OK);
+       if (p != NULL) {
+           rpmteSetHeader(p, h);
 
-       /* clean up our fake transaction bits */
-       rpmteFree(p);
+           rc = (rpmpsmRun(ts, p, PKG_VERIFY) != RPMRC_OK);
+
+           /* clean up our fake transaction bits */
+           rpmteFree(p);
+       } else {
+           rc = RPMRC_FAIL;
+       }
     }
 
     return rc;