commit f5c953e2b8c49187f8e874a53f1bb6ed89e4d810

Author: Michal Domonkos <mdomonko@redhat.com>

Date:   Tue Feb 16 13:42:20 2016 +0100

    Allow for validating attributes read from yumdb

    Make sure we don't expose corrupted attributes read from the yumdb to

    the consumers.  There's at least one report of such a corruption: BZ

    1234967.  Instead, make requesting a malformed yumdb attribute

    equivalent to requesting a non-existent one -- which is a valid

    scenario, already handled by the consumers.

    Note that the actual validator function that fixes the above bug will be

    committed separately.

diff --git a/yum/rpmsack.py b/yum/rpmsack.py

index 229e1a1..270ade9 100644

--- a/yum/rpmsack.py

+++ b/yum/rpmsack.py

@@ -1755,6 +1755,9 @@ class RPMDBAdditionalDataPackage(object):

                                 'group_member',

                                 'command_line'])

+    # Validate these attributes when they are read from a file

+    _validators = {}

+

     def __init__(self, conf, pkgdir, yumdb_cache=None):

         self._conf = conf

         self._mydir = pkgdir

@@ -1903,6 +1906,15 @@ class RPMDBAdditionalDataPackage(object):

         fo.close()

         del fo

+        # Validate the attribute we just read from the file.  Some attributes

+        # may require being in a specific format and we can't guarantee the

+        # file has not been tampered with outside of yum.

+        if attr in self._validators:

+            valid = self._validators[attr]

+            if not valid(value):

+                raise AttributeError, \

+                    "Invalid value of attribute %s on %s" % (attr, self)

+

         if info.st_nlink > 1 and self._yumdb_cache is not None:

             self._yumdb_cache[key] = value

         self._auto_cache(attr, value, fn, info)

commit 6972a28059790177ab95e0bce92311aa882ae465

Author: Michal Domonkos <mdomonko@redhat.com>

Date:   Tue Feb 16 13:53:04 2016 +0100

    Don't crash on invalid from_repo in yumdb. BZ 1234967

    Implement a yumdb validator function for the from_repo attribute.  This

    prevents yum from crashing if an implicit conversion to unicode takes

    place somewhere and the attribute contains non-ascii chars due to some

    yumdb corruption.

    Reproducers:

    $ yum install foo

    $ yumdb set from_repo <non-ascii-chars> foo

    $ yum list foo  # crash

    $ yum --disablerepo=<repo-with-foo> reinstall foo  # crash

    $ yum --verbose version installed  # crash

diff --git a/yum/__init__.py b/yum/__init__.py

index 84bea3e..1f6ce16 100644

--- a/yum/__init__.py

+++ b/yum/__init__.py

@@ -95,7 +95,6 @@ from yum.rpmtrans import RPMTransaction,SimpleCliCallBack

 from yum.i18n import to_unicode, to_str, exception2msg

 from yum.drpm import DeltaInfo, DeltaPackage

-import string

 import StringIO

 from weakref import proxy as weakref

@@ -476,17 +475,7 @@ class YumBase(depsolve.Depsolve):

                 continue

             # Check the repo.id against the valid chars

-            bad = None

-            for byte in section:

-                if byte in string.ascii_letters:

-                    continue

-                if byte in string.digits:

-                    continue

-                if byte in "-_.:":

-                    continue

-                

-                bad = byte

-                break

+            bad = misc.validate_repoid(section)

             if bad:

                 self.logger.warning("Bad id for repo: %s, byte = %s %d" %

diff --git a/yum/misc.py b/yum/misc.py

index f72f028..345934b 100644

--- a/yum/misc.py

+++ b/yum/misc.py

@@ -24,6 +24,7 @@ import bz2

 import gzip

 import shutil

 import urllib

+import string

 _available_compression = ['gz', 'bz2']

 try:

     import lzma

@@ -1248,3 +1249,12 @@ def filter_pkgs_repoid(pkgs, repoid):

             continue

         ret.append(pkg)

     return ret

+

+def validate_repoid(repoid):

+    """Return the first invalid char found in the repoid, or None."""

+    allowed_chars = string.ascii_letters + string.digits + '-_.:'

+    for char in repoid:

+        if char not in allowed_chars:

+            return char

+    else:

+        return None

diff --git a/yum/rpmsack.py b/yum/rpmsack.py

index 270ade9..11814f1 100644

--- a/yum/rpmsack.py

+++ b/yum/rpmsack.py

@@ -1756,7 +1756,10 @@ class RPMDBAdditionalDataPackage(object):

                                 'command_line'])

     # Validate these attributes when they are read from a file

-    _validators = {}

+    _validators = {

+        # Fixes BZ 1234967

+        'from_repo': lambda repoid: misc.validate_repoid(repoid) is None,

+    }

     def __init__(self, conf, pkgdir, yumdb_cache=None):

         self._conf = conf

commit c02805ed3b23f97843931e0784d2823b8024e441

Author: Michal Domonkos <mdomonko@redhat.com>

Date:   Tue Feb 16 17:20:26 2016 +0100

    docs: mention special case for unknown from_repo

diff --git a/docs/yum.8 b/docs/yum.8

index e428148..eb52fb7 100644

--- a/docs/yum.8

+++ b/docs/yum.8

@@ -964,6 +964,8 @@ The format of the output of yum list is:

 name.arch [epoch:]version-release  repo or @installed-from-repo

+Note that if the repo cannot be determined, "installed" is printed instead.

+

 .IP "\fByum list [all | glob_exp1] [glob_exp2] [\&.\&.\&.]\fP"

 List all available and installed packages\&.

 .IP "\fByum list available [glob_exp1] [\&.\&.\&.]\fP"