From 809aa216c630f1cc61b0c3b9d992d4a3be14be3c Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Wed, 12 Aug 2015 20:44:40 +0200
Subject: policy: Be more strict about parsing pin files, and document prio 0

Treat invalid pin priorities and overflows as an error.

Closes: #429912
---
 apt-pkg/policy.cc | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'apt-pkg/policy.cc')

diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc
index bf6ec0ff7..76c36b71b 100644
--- a/apt-pkg/policy.cc
+++ b/apt-pkg/policy.cc
@@ -478,11 +478,18 @@ bool ReadPinFile(pkgPolicy &Plcy,string File)
 }
 for (; Word != End && isspace(*Word) != 0; Word++);
- short int priority = Tags.FindI("Pin-Priority", 0);
+ int priority = Tags.FindI("Pin-Priority", 0);
+ if (priority < std::numeric_limits::min() ||
+ priority > std::numeric_limits::max() ||
+ _error->PendingError()) {
+ return _error->Error(_("%s: Value %s is outside the range of valid pin priorities (%d to %d)"),
+ File.c_str(), Tags.FindS("Pin-Priority").c_str(),
+ std::numeric_limits::min(),
+ std::numeric_limits::max());
+ }
 if (priority == 0) {
- _error->Warning(_("No priority (or zero) specified for pin"));
- continue;
+ return _error->Error(_("No priority (or zero) specified for pin"));
 }
 istringstream s(Name);
-- 
cgit v1.2.3
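Review bot: The `_error->PendingError()` arm of the new range check is true for any error already on the global error stack, not only for one raised by `Tags.FindI` on this field, so an unrelated earlier failure would be reported as an out-of-range Pin-Priority quoting this record's value. If the intent is to catch an overflow that FindI reports through `_error` (its body is not on this page), a comment such as `// FindI signals int overflow via _error; the range check alone cannot see it` would make that explicit. The following `priority == 0` branch still cannot tell a missing Pin-Priority from an explicit 0, because 0 is also the FindI default; now that it aborts the whole file instead of skipping the record, the message could name the file as the range error does, e.g. `return _error->Error(_("%s: No priority (or zero) specified for pin"), File.c_str());`. ReadPinFile starts and ends outside the hunk.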