michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone
Blob Blame History Raw
From 19d73f67883c011cc74326a5dc34f7009efa60e1 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 6 Sep 2022 13:15:44 +0300
Subject: [PATCH] Fix buffer overrun from commit
 4420c78beb86cc67392274bf351478a3375626a2

The newly handled ^ needs to be accounted for when allocating memory.
Found when testing #1936, goes to show what a useful thing that is.
---
 lib/rpmdb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/rpmdb.c b/lib/rpmdb.c
index fd2b0671ae..b3c5da62d5 100644
--- a/lib/rpmdb.c
+++ b/lib/rpmdb.c
@@ -1107,6 +1107,7 @@ static char * mireDup(rpmTagVal tag, rpmMireMode *modep,
 	    case '.':
 	    case '+':
 	    case '*':
+	    case '^':
 		if (!brackets) nb++;
 		break;
 	    case '\\':