- fix: sanity checks on #tags (<65K) and offset (<16Mb) in header.
- fix: add -r to useradd to prevent /etc/skel glop (#46215).
- fix: disambiguate typedef and struct name(s) for kpackage.
+ - update intl dirs to gettext-0.10.38.
+ - fix: sanity check for header size added in headerCopyLoad() (#46469).
4.0 -> 4.0.[12]
- add doxygen and lclint annotations most everywhere.
};
/** \ingroup header
+ * Maximum no. of bytes permitted in a header.
+ */
+static size_t headerMaxbytes = (32*1024*1024);
+
+/** \ingroup header
* Alignment needs (and sizeof scalars types) for internal rpm data types.
*/
static int typeSizes[] = {
int_32 * ei = (int_32 *) uh;
int_32 il = ntohl(ei[0]); /* index length */
int_32 dl = ntohl(ei[1]); /* data length */
- int pvlen = sizeof(il) + sizeof(dl) +
+ size_t pvlen = sizeof(il) + sizeof(dl) +
(il * sizeof(struct entryInfo)) + dl;
void * pv = uh;
Header h = xcalloc(1, sizeof(*h));
int_32 * ei = (int_32 *) uh;
int_32 il = ntohl(ei[0]); /* index length */
int_32 dl = ntohl(ei[1]); /* data length */
- int pvlen = sizeof(il) + sizeof(dl) +
- (il * sizeof(struct entryInfo)) + dl;
- void * nuh = memcpy(xmalloc(pvlen), uh, pvlen);
- Header h;
+ size_t pvlen = sizeof(il) + sizeof(dl) +
+ (il * sizeof(struct entryInfo)) + dl;
+ void * nuh = NULL;
+ Header h = NULL;
- h = headerLoad(nuh);
- if (h == NULL) {
- nuh = _free(nuh);
- return h;
+ if (pvlen < headerMaxbytes) {
+ nuh = memcpy(xmalloc(pvlen), uh, pvlen);
+ if ((h = headerLoad(nuh)) != NULL)
+ h->flags |= HEADERFLAG_ALLOCATED;
}
- h->flags |= HEADERFLAG_ALLOCATED;
+ if (h == NULL)
+ nuh = _free(nuh);
return h;
}
int_32 dl;
int_32 magic;
Header h = NULL;
- int len;
+ size_t len;
int i;
memset(block, 0, sizeof(block));
dl = ntohl(block[i++]);
len = sizeof(il) + sizeof(dl) + (il * sizeof(struct entryInfo)) + dl;
-
- /*
- * XXX Limit total size of header to 32Mb (~16 times largest known size).
- */
- if (len > (32*1024*1024))
+ if (len > headerMaxbytes)
goto exit;
ei = xmalloc(len);