summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2020-02-20 12:49:15 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2020-02-26 18:12:18 +0100
commit110078022a6c6103be8f557aef1e268c4b680d88 (patch)
treeb2a29c48a2509816247fdc52e9dc6f0502b14c79 /apt-pkg/contrib
parent6bb1c85fd045e421be36957453ee318c0cea8fb0 (diff)
Parse records including empty tag names correctly
No sensible file should include these, but even insensible files do not gain unfair advantages with it as this parser does not deal with security critical files before they haven't passed other checks like signatures or hashsums. The problem is that the parser accepts and parses empty tag names correctly, but does not store the data parsed which will effect later passes over the data resulting e.g. in the following tag containing the name and value of the previous (empty) tag, its own tagname and its own value or a crash due to an attempt to access invalid memory depending on who passes over the data and what is done with it. This commit fixes both, the incidient of the crash reported by Anatoly Trosinenko who reproduced it via apt-sortpkgs: | $ cat /tmp/Packages-null | 0: | PACKAGE:0 | | : | PACKAGE: | | PACKAGE:: | $ apt-sortpkgs /tmp/Packages-null and the deeper parsing issue shown by the included testcase. Reported-By: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> References: 8710a36a01c0cb1648926792c2ad05185535558e
Diffstat (limited to 'apt-pkg/contrib')
0 files changed, 0 insertions, 0 deletions