authorJulian Andres Klode <jak@debian.org>2016-06-28 10:24:11 +0200
committerJulian Andres Klode <jak@debian.org>2016-08-31 13:14:17 +0200
commit36d673ecf7bdf6b3d594cac5789308c8a6b346c1 (patch)
tree3cb48182e6bf0a498dea541730088c3e33840ba2
parent0216269ff9090e773ae2a0616e5aaecf0a13af8b (diff)
Fix buffer overflow in debListParser::VersionHash()
If a package file is formatted in a way that no space follows a deprecated "<", we would reformat it to "<=" and increase the length of the output by 1, which can break. Under normal circumstances with "<=" this should not be an issue. Closes: #828812 (cherry picked from commit b6e9756ca03ec887ef1d0bc8e38f63c29db7a365)
-rw-r--r--apt-pkg/deb/deblistparser.cc8
1 files changed, 6 insertions, 2 deletions
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index ed5484ad9..e24ced271 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -357,8 +357,12 @@ unsigned short debListParser::VersionHash()
continue;
*J++ = tolower_ascii(*Start);
- if ((*Start == '<' || *Start == '>') && Start[1] != *Start && Start[1] != '=')
- *J++ = '=';
+ /* Normalize <= to < and >= to >. This is the wrong way around, but
+ * more efficient that the right way. And since we're only hashing
+ * it does not matter which way we normalize. */
+ if ((*Start == '<' || *Start == '>') && Start[1] == '=') {
+ Start++;
+ }
}
Result = AddCRC16(Result,S,J - S);
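Review bot: The lookahead `Start[1] == '='` in the added `if` is not bounded by the end of the field, and the `Start++` in its body advances the cursor on top of the enclosing loop's own step. The loop header lies outside the hunk, so this is inferred: if that loop stops on an equality comparison with its end pointer, a `<` or `>` in the last position reads one byte past the range, and a skip taken there would carry `Start` beyond the end so the loop would not stop where intended. I would bound the test, `if ((*Start == '<' || *Start == '>') && Start + 1 != FIELD_END && Start[1] == '=')`, where `FIELD_END` is a placeholder for the loop's end pointer, which is not visible here. The new comment also has a typo: `more efficient that` should read `more efficient than`.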