diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2020-02-20 12:49:15 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2020-02-26 18:12:18 +0100 |
| commit | 110078022a6c6103be8f557aef1e268c4b680d88 (patch) | |
| tree | b2a29c48a2509816247fdc52e9dc6f0502b14c79 /apt-pkg/metaindex.cc | |
| parent | 6bb1c85fd045e421be36957453ee318c0cea8fb0 (diff) | |
Parse records including empty tag names correctly
No sensible file should include these, but even insensible files do not
gain unfair advantages with it as this parser does not deal with
security critical files before they haven't passed other checks like
signatures or hashsums.
The problem is that the parser accepts and parses empty tag names
correctly, but does not store the data parsed which will effect later
passes over the data resulting e.g. in the following tag containing
the name and value of the previous (empty) tag, its own tagname and its
own value or a crash due to an attempt to access invalid memory
depending on who passes over the data and what is done with it.
This commit fixes both, the incidient of the crash reported by
Anatoly Trosinenko who reproduced it via apt-sortpkgs:
| $ cat /tmp/Packages-null
| 0:
| PACKAGE:0
|
| :
| PACKAGE:
|
| PACKAGE::
| $ apt-sortpkgs /tmp/Packages-null
and the deeper parsing issue shown by the included testcase.
Reported-By: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
References: 8710a36a01c0cb1648926792c2ad05185535558e
Diffstat (limited to 'apt-pkg/metaindex.cc')
0 files changed, 0 insertions, 0 deletions