On 03/11/15 04:04, Andrew Gregory wrote:
Overly long paths cannot be extracted and paths with newlines cannot be represented in our database format.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> --- lib/libalpm/be_package.c | 15 ++++++++++++--- test/pacman/tests/TESTS | 3 +++ test/pacman/tests/filename-basename-too-long.py | 15 +++++++++++++++ test/pacman/tests/filename-path-too-long.py | 20 ++++++++++++++++++++ test/pacman/tests/filename-with-newline.py | 11 +++++++++++ 5 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 test/pacman/tests/filename-basename-too-long.py create mode 100644 test/pacman/tests/filename-path-too-long.py create mode 100644 test/pacman/tests/filename-with-newline.py
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index 53399a3..52db319 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -18,6 +18,7 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
+#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
@@ -390,7 +391,17 @@ static int add_entry_to_files_list(alpm_filelist_t *filelist,
 const size_t files_count = filelist->count;
 alpm_file_t *current_file;
 mode_t type;
- size_t pathlen;
+ size_t pathlen = strlen(path);
+
+ /* +2 to leave space for prepending minimal possible root and appending
+ * trailing slash if a directory */
+ if(pathlen + 2 >= PATH_MAX || strlen(mbasename(path)) >= NAME_MAX) {
+ return -1;
+ }
+ /* our database format cannot represent paths with newlines */
+ if(memchr(path, '\n', pathlen)) {
+ return -1;
+ }
Are these worthy of debug messages?
if(!_alpm_greedy_grow((void **)&filelist->files, files_size, (files_count + 1) * sizeof(alpm_file_t))) { @@ -399,8 +410,6 @@ static int add_entry_to_files_list(alpm_filelist_t *filelist,
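Review bot: The `NAME_MAX` test in the added `if` looks only at `mbasename(path)`, so an over-long directory component earlier in the path is not caught, and if `mbasename` returns the text after the last `/` (its definition is not in this hunk) a directory entry ending in a slash is compared as an empty string. `NAME_MAX` also excludes the terminating NUL, unlike `PATH_MAX`, so `>=` rejects a name of exactly `NAME_MAX` bytes that the filesystem would accept. I would keep the `PATH_MAX` test on its own and walk every `/`-separated component with `> NAME_MAX`, as sketched below. The `+2` comment could also state that a configured root longer than `/` is not accounted for at this point. The body of add_entry_to_files_list continues outside the hunk.

```c
	size_t pathlen = strlen(path);
	const char *comp = path;

	/* ... unchanged: comment explaining the +2 ... */
	if(pathlen + 2 >= PATH_MAX) {
		return -1;
	}
	/* every component has to fit in NAME_MAX, not only the last one */
	while(*comp) {
		size_t complen = strcspn(comp, "/");
		if(complen > NAME_MAX) {
			return -1;
		}
		comp += complen;
		comp += strspn(comp, "/");
	}
	/* ... unchanged: newline check ... */
```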
type = archive_entry_filetype(entry);
- pathlen = strlen(path); - current_file = filelist->files + files_count;
/* mtree paths don't contain a tailing slash, those we get from