Merge branch 'pu/tagfile-hardening' into 'master'

Pu/tagfile hardening

See merge request apt-team/apt!104

1 files changed, 14 insertions, 1 deletions

diff --git a/apt-pkg/tagfile.cc b/apt-pkg/tagfile.cc
index bbece1d7e..0f0d8c9a7 100644
--- a/apt-pkg/tagfile.cc
+++ b/apt-pkg/tagfile.cc
@@ -669,6 +669,9 @@ bool pkgTagSection::Find(StringView TagView,unsigned int &Pos) const
 bool pkgTagSection::FindInternal(unsigned int Pos, const char *&Start,
 		         const char *&End) const
 {
+   if (unlikely(Pos + 1 >= d->Tags.size() || Pos >= d->Tags.size()))
+      return _error->Error("Internal parsing error");
+
    Start = Section + d->Tags[Pos].StartValue;
    // Strip off the gunk from the end
    End = Section + d->Tags[Pos + 1].StartTag;
@@ -713,9 +716,17 @@ StringView pkgTagSection::Find(Key key) const
 // TagSection::FindRawS - Find a string					/*{{{*/
 StringView pkgTagSection::FindRawInternal(unsigned int Pos) const
 {
+   if (unlikely(Pos + 1 >= d->Tags.size() || Pos >= d->Tags.size()))
+      return _error->Error("Internal parsing error"), "";
+
    char const *Start = (char const *) memchr(Section + d->Tags[Pos].EndTag, ':', d->Tags[Pos].StartValue - d->Tags[Pos].EndTag);
-   ++Start;
    char const *End = Section + d->Tags[Pos + 1].StartTag;
+
+   if (Start == nullptr)
+      return "";
+
+   ++Start;
+
    if (unlikely(Start > End))
       return "";
 
@@ -923,6 +934,8 @@ bool pkgTagSection::FindFlag(unsigned long &Flags, unsigned long Flag,
 									/*}}}*/
 void pkgTagSection::Get(const char *&Start,const char *&Stop,unsigned int I) const/*{{{*/
 {
+   if (unlikely(I + 1 >= d->Tags.size() || I >= d->Tags.size()))
+      abort();
    Start = Section + d->Tags[I].StartTag;
    Stop = Section + d->Tags[I+1].StartTag;
 }