diff options
author | Julian Andres Klode <jak@debian.org> | 2016-06-28 10:24:11 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2016-08-31 13:14:17 +0200 |
commit | 36d673ecf7bdf6b3d594cac5789308c8a6b346c1 (patch) | |
tree | 3cb48182e6bf0a498dea541730088c3e33840ba2 | |
parent | 0216269ff9090e773ae2a0616e5aaecf0a13af8b (diff) |
Fix buffer overflow in debListParser::VersionHash()
If a package file is formatted in a way that that no space
follows a deprecated "<", we would reformat it to "<=" and
increase the length of the output by 1, which can break.
Under normal circumstances with "<=" this should not be an
issue.
Closes: #828812
(cherry picked from commit b6e9756ca03ec887ef1d0bc8e38f63c29db7a365)
-rw-r--r-- | apt-pkg/deb/deblistparser.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc index ed5484ad9..e24ced271 100644 --- a/apt-pkg/deb/deblistparser.cc +++ b/apt-pkg/deb/deblistparser.cc @@ -357,8 +357,12 @@ unsigned short debListParser::VersionHash() continue; *J++ = tolower_ascii(*Start); - if ((*Start == '<' || *Start == '>') && Start[1] != *Start && Start[1] != '=') - *J++ = '='; + /* Normalize <= to < and >= to >. This is the wrong way around, but + * more efficient that the right way. And since we're only hashing + * it does not matter which way we normalize. */ + if ((*Start == '<' || *Start == '>') && Start[1] == '=') { + Start++; + } } Result = AddCRC16(Result,S,J - S); |