teknoraver / rpms / rpm

Blame rpm-4.13.x-transfiletriggerpostun-invalid-read.patch

Panu Matilainen d3306a
From f6521c50f6836374a0f7995f8f393aaf36e178ea Mon Sep 17 00:00:00 2001
Message-Id: <f6521c50f6836374a0f7995f8f393aaf36e178ea.1478522529.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 7 Nov 2016 13:38:39 +0200
Subject: [PATCH] Fix %transfiletriggerpostun undeterministic behavior
 (RhBug:1284645)

Keys from rpmdbIndexIteratorNext() are not necessarily \0-terminated,
buyer beware.

Sometimes you get lucky, but in particular when built as PIE (such as
by default in Fedora) this falls over consistently.
In Fedora this has been hidden by the fact that the test suite has been
disabled because it's been so broken with fakechroot until recently,
and without PIE the testsuite regularly passes. Valgrind does
complain though.
---
 lib/rpmtriggers.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
index a8612c0..ca22a6b 100644
--- a/lib/rpmtriggers.c
+++ b/lib/rpmtriggers.c
@@ -114,8 +114,11 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
 
     /* Iterate over file triggers in rpmdb */
     while ((rpmdbIndexIteratorNext(ii, &key, &keylen)) == 0) {
+	char pfx[keylen + 1];
+	memcpy(pfx, key, keylen);
+	pfx[keylen] = '\0';
 	/* Check if file trigger matches any file in this te */
-	rpmfi fi = rpmfilesFindPrefix(files, key);
+	rpmfi fi = rpmfilesFindPrefix(files, pfx);
 	if (rpmfiFC(fi) > 0) {
 	    /* If yes then store it */
 	    rpmdbAppendIterator(mi, rpmdbIndexIteratorPkgOffsets(ii),
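
Review bot: The new `char pfx[keylen + 1];` at the top of the loop body is a variable-length array whose size comes straight from the `keylen` returned by `rpmdbIndexIteratorNext()`, with no upper bound checked before it is placed on the stack. Because the key is read from the rpmdb index, a damaged or unexpectedly large entry would become a stack overrun instead of a clean failure; consider a heap buffer (allocated once, grown as needed, freed after the loop) or a length-aware variant of `rpmfilesFindPrefix()` so that no copy is needed. A short comment above the copy stating that keys are not guaranteed to be NUL-terminated would also keep a later cleanup from reverting to passing `key` directly.
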
-- 
2.7.4