Cherry-pick repo_deb: fix bugs in gzip header skipping

    source : https://github.com/openSUSE/libsolv
    commit 32a8e295384d48aed9bbbe54c5c68ef8c9c1ed75
    Author: Michael Schroeder <mls@suse.de>
    Date:   Fri Oct 20 15:28:40 2017 +0200

        repo_deb: fix bugs in gzip header skipping

Change-Id: I5f740fe3512c46a921ed777f7eccab7609e56218

diff --git a/libsolv-0.6.15/ext/repo_deb.c b/libsolv-0.6.15/ext/repo_deb.c
index 8952e30..6b17cf7 100755 (executable)
--- a/libsolv-0.6.15/ext/repo_deb.c
+++ b/libsolv-0.6.15/ext/repo_deb.c
@@ -595,7 +595,7 @@ repo_add_deb(Repo *repo, const char *deb, int flags)
   ctar = 0;
   if (control_comp == CONTROL_COMP_GZIP)
     {
-      if (ctgz[0] != 0x1f || ctgz[1] != 0x8b)
+      if (clen <= 10 || ctgz[0] != 0x1f || ctgz[1] != 0x8b)
        {
          pool_error(pool, -1, "%s: control.tar.gz is not gzipped", deb);
          solv_free(ctgz);
@@ -612,21 +612,15 @@ repo_add_deb(Repo *repo, const char *deb, int flags)
       if (ctgz[3] & 0x04)
        {
          /* skip extra field */
-         l = bp[0] | bp[1] << 8;
+         l = bp + 2 >= ctgz + clen ? 0 : (bp[0] | bp[1] << 8);
          bp += l + 2;
-         if (bp >= ctgz + clen)
-           {
-             pool_error(pool, -1, "%s: control.tar.gz is corrupt", deb);
-             solv_free(ctgz);
-             return 0;
-           }
        }
       if (ctgz[3] & 0x08)      /* orig filename */
-       while (*bp)
-         bp++;
+       while (bp < ctgz + clen && *bp++)
+         ;
       if (ctgz[3] & 0x10)      /* file comment */
-       while (*bp)
-         bp++;
+       while (bp < ctgz + clen && *bp++)
+         ;
       if (ctgz[3] & 0x02)      /* header crc */
        bp += 2;
       if (bp >= ctgz + clen)