Parcourir la source

Fix buffer overflow in debListParser::VersionHash()

If a package file is formatted in a way that that no space
follows a deprecated "<", we would reformat it to "<=" and
increase the length of the output by 1, which can break.

Under normal circumstances with "<=" this should not be an
issue.

Closes: #828812
Julian Andres Klode il y a 10 ans
Parent
commit
b6e9756ca0
1 fichiers modifiés avec 6 ajouts et 2 suppressions
  1. 6 2
      apt-pkg/deb/deblistparser.cc

+ 6 - 2
apt-pkg/deb/deblistparser.cc

@@ -357,8 +357,12 @@ unsigned short debListParser::VersionHash()
 	    continue;
 	 *J++ = tolower_ascii(*Start);
 
-	 if ((*Start == '<' || *Start == '>') && Start[1] != *Start && Start[1] != '=')
-	    *J++ = '=';
+	 /* Normalize <= to < and >= to >. This is the wrong way around, but
+	  * more efficient that the right way. And since we're only hashing
+	  * it does not matter which way we normalize. */
+	 if ((*Start == '<' || *Start == '>') && Start[1] == '=') {
+	    Start++;
+	 }
       }
 
       Result = AddCRC16(Result,S,J - S);