From c33e408649c342e000edce34ca122058a9050cdd Mon Sep 17 00:00:00 2001
From: jbj
Date: Sat, 30 Jun 2001 18:32:28 +0000
Subject: [PATCH] - update intl dirs to gettext-0.10.38. - fix: sanity check for header size added in headerCopyLoad() (#46469).
CVS patchset: 4913
CVS date: 2001/06/30 18:32:28
---
 CHANGES | 2 ++
 lib/header.c | 34 ++++++++++++++++++----------------
 2 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/CHANGES b/CHANGES
index 1c06aa1..1cd73b3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -144,6 +144,8 @@
 - fix: sanity checks on #tags (<65K) and offset (<16Mb) in header.
 - fix: add -r to useradd to prevent /etc/skel glop (#46215).
 - fix: disambiguate typedef and struct name(s) for kpackage.
+ - update intl dirs to gettext-0.10.38.
+ - fix: sanity check for header size added in headerCopyLoad() (#46469).
 4.0 -> 4.0.[12]
 - add doxygen and lclint annotations most everywhere.
diff --git a/lib/header.c b/lib/header.c
index 72b67a9..c1ebb94 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -39,6 +39,11 @@ static unsigned char header_magic[8] = {
 };
 /** \ingroup header
+ * Maximum no. of bytes permitted in a header.
+ */
+static size_t headerMaxbytes = (32*1024*1024);
+
+/** \ingroup header
 * Alignment needs (and sizeof scalars types) for internal rpm data types.
 */
 static int typeSizes[] = {
@@ -692,7 +697,7 @@ Header headerLoad(void * uh)
 int_32 * ei = (int_32 *) uh;
 int_32 il = ntohl(ei[0]); /* index length */
 int_32 dl = ntohl(ei[1]); /* data length */
- int pvlen = sizeof(il) + sizeof(dl) +
+ size_t pvlen = sizeof(il) + sizeof(dl) +
 (il * sizeof(struct entryInfo)) + dl;
 void * pv = uh;
 Header h = xcalloc(1, sizeof(*h));
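Review bot: `headerMaxbytes` is declared as a writable `static size_t`, although the hunks in this patch only read it. If nothing in header.c assigns it, `static const size_t headerMaxbytes = (32*1024*1024);` keeps the size limit from being altered at run time. The doc comment could also keep the rationale that the headerRead() hunk deletes, for example `* Maximum no. of bytes permitted in a header (32Mb, ~16 times largest known size).`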
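Review bot: Changing `pvlen` to `size_t` in headerLoad() does not bound its inputs: `il` and `dl` are signed `int_32` values read from the blob with ntohl(), and in `(il * sizeof(struct entryInfo)) + dl` they are converted to unsigned, so a negative or very large field can wrap the sum to a small value. No comparison against `headerMaxbytes` is visible in this hunk, and the same expression feeds the new check in headerCopyLoad() and the existing one in headerRead(), so those checks bound the wrapped total rather than the individual fields. Range-checking the fields before the arithmetic and before anything is allocated, for example `if (il < 0 || dl < 0) return NULL;` together with per-field upper limits, would make the total trustworthy. The CHANGES context mentions #tags and offset checks that may already cover part of this, and headerLoad()'s body continues outside the hunk.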
@@ -847,17 +852,18 @@ Header headerCopyLoad(const void * uh)
 int_32 * ei = (int_32 *) uh;
 int_32 il = ntohl(ei[0]); /* index length */
 int_32 dl = ntohl(ei[1]); /* data length */
- int pvlen = sizeof(il) + sizeof(dl) +
- (il * sizeof(struct entryInfo)) + dl;
- void * nuh = memcpy(xmalloc(pvlen), uh, pvlen);
- Header h;
+ size_t pvlen = sizeof(il) + sizeof(dl) +
+ (il * sizeof(struct entryInfo)) + dl;
+ void * nuh = NULL;
+ Header h = NULL;
- h = headerLoad(nuh);
- if (h == NULL) {
- nuh = _free(nuh);
- return h;
+ if (pvlen < headerMaxbytes) {
+ nuh = memcpy(xmalloc(pvlen), uh, pvlen);
+ if ((h = headerLoad(nuh)) != NULL)
+ h->flags |= HEADERFLAG_ALLOCATED;
 }
- h->flags |= HEADERFLAG_ALLOCATED;
+ if (h == NULL)
+ nuh = _free(nuh);
 return h;
 }
@@ -870,7 +876,7 @@ Header headerRead(FD_t fd, enum hMagic magicp)
 int_32 dl;
 int_32 magic;
 Header h = NULL;
- int len;
+ size_t len;
 int i;
 memset(block, 0, sizeof(block));
@@ -894,11 +900,7 @@ Header headerRead(FD_t fd, enum hMagic magicp)
 dl = ntohl(block[i++]);
 len = sizeof(il) + sizeof(dl) + (il * sizeof(struct entryInfo)) + dl;
-
- /*
- * XXX Limit total size of header to 32Mb (~16 times largest known size).
- */
- if (len > (32*1024*1024))
+ if (len > headerMaxbytes)
 goto exit;
 ei = xmalloc(len);
--
2.7.4
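Review bot: The new guard `if (pvlen < headerMaxbytes)` rejects a header of exactly `headerMaxbytes` bytes, while headerRead() in the last hunk rejects only `len > headerMaxbytes`, so the two entry points disagree at the boundary. Writing `if (pvlen <= headerMaxbytes)` here, or `>=` in headerRead(), makes the limit mean the same thing in both. The memcpy() also still reads `pvlen` bytes from `uh` based on lengths stored in `uh` itself, and headerCopyLoad() takes no buffer length. A short comment on the function stating that the caller must guarantee the blob is at least that long would document that assumption.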