From d38c63e4a0901fa03ece3c2b3b36d93fd339a8b0 Mon Sep 17 00:00:00 2001
From: Yonghee Han
Date: Wed, 9 Jan 2019 15:55:58 +0900
Subject: [PATCH] Cherry-pick repo_deb: fix bugs in gzip header skipping
source : https://github.com/openSUSE/libsolv
commit 32a8e295384d48aed9bbbe54c5c68ef8c9c1ed75
Author: Michael Schroeder
Date: Fri Oct 20 15:28:40 2017 +0200
repo_deb: fix bugs in gzip header skipping
Change-Id: I5f740fe3512c46a921ed777f7eccab7609e56218
---
 libsolv-0.6.15/ext/repo_deb.c | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/libsolv-0.6.15/ext/repo_deb.c b/libsolv-0.6.15/ext/repo_deb.c
index 8952e30..6b17cf7 100755
--- a/libsolv-0.6.15/ext/repo_deb.c
+++ b/libsolv-0.6.15/ext/repo_deb.c
@@ -595,7 +595,7 @@ repo_add_deb(Repo *repo, const char *deb, int flags)
 ctar = 0;
 if (control_comp == CONTROL_COMP_GZIP)
 {
- if (ctgz[0] != 0x1f || ctgz[1] != 0x8b)
+ if (clen <= 10 || ctgz[0] != 0x1f || ctgz[1] != 0x8b)
 {
 pool_error(pool, -1, "%s: control.tar.gz is not gzipped", deb);
 solv_free(ctgz);
@@ -612,21 +612,15 @@ repo_add_deb(Repo *repo, const char *deb, int flags)
 if (ctgz[3] & 0x04)
 {
 /* skip extra field */
- l = bp[0] | bp[1] << 8;
+ l = bp + 2 >= ctgz + clen ? 0 : (bp[0] | bp[1] << 8);
 bp += l + 2;
- if (bp >= ctgz + clen)
- {
- pool_error(pool, -1, "%s: control.tar.gz is corrupt", deb);
- solv_free(ctgz);
- return 0;
- }
 }
 if (ctgz[3] & 0x08) /* orig filename */
- while (*bp)
- bp++;
+ while (bp < ctgz + clen && *bp++)
+ ;
 if (ctgz[3] & 0x10) /* file comment */
- while (*bp)
- bp++;
+ while (bp < ctgz + clen && *bp++)
+ ;
 if (ctgz[3] & 0x02) /* header crc */
 bp += 2;
 if (bp >= ctgz + clen)
--
2.7.4
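Review bot: The bare `10` in the new `clen <= 10` guard is the size of the fixed gzip header, and this check is what makes the later `ctgz[3]` flag tests safe on a short file, but nothing in the code says so. A short comment above the condition, such as `/* need the 10-byte fixed gzip header plus at least one more byte */`, would keep the bound from being loosened by accident. A truncated file is also reported as "is not gzipped", which may mislead when triaging a malformed package. The hunk shows only the start of this error branch, and repo_add_deb continues outside it.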
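Review bot: The extra-field branch still advances `bp` past the end of the buffer before anything rejects the input. `bp += l + 2` runs with `l` up to 65535 taken from the file (or with `l` = 0 when fewer than two bytes remain), and the later `bp += 2` for the header crc can overshoot in the same way. The closing `bp >= ctgz + clen` test therefore compares a pointer that may lie well outside the allocation, which is undefined behaviour in C even though it tends to work on common platforms. Clamping against the remaining length keeps the pointer in range while still letting the final check reject the file, e.g. `bp = l + 2 >= ctgz + clen - bp ? ctgz + clen : bp + l + 2;`, and the crc skip can be clamped likewise. The declarations of `bp`, `l` and `clen` are outside the hunk, so confirm their types before applying; repo_add_deb starts and ends outside the hunk.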