From: Yonghee Han <onstudy@samsung.com>
Date: Wed, 9 Jan 2019 06:55:58 +0000 (+0900)
Subject:     Cherry-pick repo_deb: fix bugs in gzip header skipping
X-Git-Tag: accepted/tizen/devbase/services/20190930.043356~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F57%2F197057%2F1;p=services%2Fperl-BSSolv-obs-2.7.git

Cherry-pick repo_deb: fix bugs in gzip header skipping

    source : https://github.com/openSUSE/libsolv
    commit 32a8e295384d48aed9bbbe54c5c68ef8c9c1ed75
    Author: Michael Schroeder <mls@suse.de>
    Date:   Fri Oct 20 15:28:40 2017 +0200

        repo_deb: fix bugs in gzip header skipping

Change-Id: I5f740fe3512c46a921ed777f7eccab7609e56218
---

diff --git a/libsolv-0.6.15/ext/repo_deb.c b/libsolv-0.6.15/ext/repo_deb.c
index 8952e30..6b17cf7 100755
--- a/libsolv-0.6.15/ext/repo_deb.c
+++ b/libsolv-0.6.15/ext/repo_deb.c
@@ -595,7 +595,7 @@ repo_add_deb(Repo *repo, const char *deb, int flags)
   ctar = 0;
   if (control_comp == CONTROL_COMP_GZIP)
     {
-      if (ctgz[0] != 0x1f || ctgz[1] != 0x8b)
+      if (clen <= 10 || ctgz[0] != 0x1f || ctgz[1] != 0x8b)
 	{
 	  pool_error(pool, -1, "%s: control.tar.gz is not gzipped", deb);
 	  solv_free(ctgz);
@@ -612,21 +612,15 @@ repo_add_deb(Repo *repo, const char *deb, int flags)
       if (ctgz[3] & 0x04)
 	{
 	  /* skip extra field */
-	  l = bp[0] | bp[1] << 8;
+	  l = bp + 2 >= ctgz + clen ? 0 : (bp[0] | bp[1] << 8);
 	  bp += l + 2;
-	  if (bp >= ctgz + clen)
-	    {
-	      pool_error(pool, -1, "%s: control.tar.gz is corrupt", deb);
-	      solv_free(ctgz);
-	      return 0;
-	    }
 	}
       if (ctgz[3] & 0x08)	/* orig filename */
-	while (*bp)
-	  bp++;
+	while (bp < ctgz + clen && *bp++)
+	  ;
       if (ctgz[3] & 0x10)	/* file comment */
-	while (*bp)
-	  bp++;
+	while (bp < ctgz + clen && *bp++)
+	  ;
       if (ctgz[3] & 0x02)	/* header crc */
 	bp += 2;
       if (bp >= ctgz + clen)