[Reproducible-commits] [dpkg] 19/25: libdpkg: Do not match partial field names in control files

Holger Levsen holger at layer-acht.org
Tue May 3 08:43:55 UTC 2016 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag 1.16.16
in repository dpkg.

commit 256a493df45d2427874827b1609a8292990e150a
Author: Guillem Jover <guillem at debian.org>
Date:   Tue Nov 11 17:37:04 2014 +0100

    libdpkg: Do not match partial field names in control files
    
    Cherry picked from commit 611305ef0e85092cc24887e040c19e9e808dd633.
    
    There is currently no instance of any misspelled field names known to
    dpkg in Debian. Only known field names are possibly affected.
    
    Regression introduced in commit 864e230e90de1cef94c81f10582e6d99717d593b.
    
    Closes: #769119
---
 debian/changelog | 2 ++
 lib/dpkg/parse.c | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 9c29d6f..d7751ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -29,6 +29,8 @@ dpkg (1.16.15+nmu1) UNRELEASED; urgency=low
     and they come from the package fields, which are under user control.
     Regression introduced in dpkg 1.16.0. Fixes CVE-2014-8625. Closes: #768485
     Reported by Joshua Rogers <megamansec at gmail.com>.
+  * Do not match partial field names in control files. Closes: #769119
+    Regression introduced in dpkg 1.10.
 
   [ Updated scripts translations ]
   * Fix typos in German (Helge Kreutzmann)
diff --git a/lib/dpkg/parse.c b/lib/dpkg/parse.c
index b51ca1b..446805b 100644
--- a/lib/dpkg/parse.c
+++ b/lib/dpkg/parse.c
@@ -130,7 +130,8 @@ pkg_parse_field(struct parsedb_state *ps, struct field_state *fs,
   }
 
   for (fip = fieldinfos, ip = fs->fieldencountered; fip->name; fip++, ip++)
-    if (strncasecmp(fip->name, fs->fieldstart, fs->fieldlen) == 0)
+    if (strncasecmp(fip->name, fs->fieldstart, fs->fieldlen) == 0 &&
+        fip->name[fs->fieldlen] == '\0')
       break;
   if (fip->name) {
     if ((*ip)++)
@@ -151,7 +152,8 @@ pkg_parse_field(struct parsedb_state *ps, struct field_state *fs,
                   fs->fieldlen, fs->fieldstart);
     larpp = &pkg_obj->pkgbin->arbs;
     while ((arp = *larpp) != NULL) {
-      if (strncasecmp(arp->name, fs->fieldstart, fs->fieldlen) == 0)
+      if (strncasecmp(arp->name, fs->fieldstart, fs->fieldlen) == 0 &&
+          arp->name[fs->fieldlen] == '\0')
         parse_error(ps,
                    _("duplicate value for user-defined field `%.*s'"),
                    fs->fieldlen, fs->fieldstart);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list