* apt-pkg/deb/deblistparser.cc:

  - check length and containing chars for a given description md5sum

2 files changed, 15 insertions, 6 deletions

diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index 00e2bd900..7bef6772c 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -215,15 +215,22 @@ string debListParser::DescriptionLanguage()
  */
 MD5SumValue debListParser::Description_md5()
 {
-   string value = Section.FindS("Description-md5");
-
-   if (value.empty()) 
+   string const value = Section.FindS("Description-md5");
+   if (value.empty() == true)
    {
       MD5Summation md5;
       md5.Add((Description() + "\n").c_str());
       return md5.Result();
-   } else
-      return MD5SumValue(value);
+   }
+   else if (likely(value.size() == 32))
+   {
+      if (likely(value.find_first_not_of("0123456789abcdefABCDEF") == string::npos))
+	 return MD5SumValue(value);
+      _error->Error("Malformed Description-md5 line; includes invalid character '%s'", value.c_str());
+      return MD5SumValue();
+   }
+   _error->Error("Malformed Description-md5 line; doesn't have the required length (32 != %d) '%s'", (int)value.size(), value.c_str());
+   return MD5SumValue();
 }
                                                                         /*}}}*/
 // ListParser::UsePackage - Update a package structure			/*{{{*/
diff --git a/debian/changelog b/debian/changelog
index 799653d5f..72830ad91 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,8 +28,10 @@ apt (0.9.3) unstable; urgency=low
     - use the correct library name the symbols header
   * apt-pkg/pkgcachegen.cc:
     - check if NewDescription allocation has failed and error out accordingly
+  * apt-pkg/deb/deblistparser.cc:
+    - check length and containing chars for a given description md5sum
 
- -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 02 May 2012 21:59:02 +0200
+ -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 02 May 2012 22:28:32 +0200
 
 apt (0.9.2) unstable; urgency=low