From 809aa216c630f1cc61b0c3b9d992d4a3be14be3c Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 12 Aug 2015 20:44:40 +0200 Subject: policy: Be more strict about parsing pin files, and document prio 0 Treat invalid pin priorities and overflows as an error. Closes: #429912 --- apt-pkg/policy.cc | 13 ++++++++++--- apt-pkg/tagfile.cc | 9 ++++++++- 2 files changed, 18 insertions(+), 4 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc index bf6ec0ff7..76c36b71b 100644 --- a/apt-pkg/policy.cc +++ b/apt-pkg/policy.cc @@ -478,11 +478,18 @@ bool ReadPinFile(pkgPolicy &Plcy,string File) } for (; Word != End && isspace(*Word) != 0; Word++); - short int priority = Tags.FindI("Pin-Priority", 0); + int priority = Tags.FindI("Pin-Priority", 0); + if (priority < std::numeric_limits::min() || + priority > std::numeric_limits::max() || + _error->PendingError()) { + return _error->Error(_("%s: Value %s is outside the range of valid pin priorities (%d to %d)"), + File.c_str(), Tags.FindS("Pin-Priority").c_str(), + std::numeric_limits::min(), + std::numeric_limits::max()); + } if (priority == 0) { - _error->Warning(_("No priority (or zero) specified for pin")); - continue; + return _error->Error(_("No priority (or zero) specified for pin")); } istringstream s(Name); diff --git a/apt-pkg/tagfile.cc b/apt-pkg/tagfile.cc index 253b1b7a3..8acecd735 100644 --- a/apt-pkg/tagfile.cc +++ b/apt-pkg/tagfile.cc @@ -533,9 +533,16 @@ signed int pkgTagSection::FindI(const char *Tag,signed long Default) const return Default; strncpy(S,Start,Stop-Start); S[Stop - Start] = 0; - + + errno = 0; char *End; signed long Result = strtol(S,&End,10); + if (errno == ERANGE) + _error->Errno("strtol", _("Cannot convert %s to integer"), S); + if (Result < std::numeric_limits::min() || Result > std::numeric_limits::max()) { + errno = ERANGE; + _error->Errno("", _("Cannot convert %s to integer"), S); + } if (S == End) return Default; return Result; -- cgit v1.2.3-70-g09d2