[Reproducible-commits] [dpkg] 07/10: libdpkg: Do not accept empty field names

[Holger Levsen]

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag 1.16.18
in repository dpkg.

commit 0da09cb9b0e247e91cabd7c94d82c686045a9555
Author: Guillem Jover <guillem at debian.org>
Date:   Thu Sep 19 19:28:49 2013 +0200

    libdpkg: Do not accept empty field names
    
    Cherry picked from commit eecc61381b687a7ed6af65427e115dd4d2c765b6.
    
    These are just bogus, and should have never been accepted.
    
    Closes: #769111
---
 debian/changelog | 1 +
 lib/dpkg/parse.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 15e35cc..4b6381b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,7 @@ dpkg (1.16.18) UNRELEASED; urgency=medium
   * Fix memory leaks in dpkg infodb format upgrade logic.
   * Fix physical file offset comparison in dpkg. Closes: #808912
     Thanks to Yuri Gribov <tetra2005 at gmail.com>.
+  * Do not accept empty field names in dpkg. Closes: #769111
 
  -- Guillem Jover <guillem at debian.org>  Sat, 19 Mar 2016 19:13:34 +0100
 
diff --git a/lib/dpkg/parse.c b/lib/dpkg/parse.c
index 0236615..efb1bff 100644
--- a/lib/dpkg/parse.c
+++ b/lib/dpkg/parse.c
@@ -589,6 +589,8 @@ parse_stanza(struct parsedb_state *ps, struct field_state *fs,
     while (!parse_EOF(ps) && !isspace(c) && c != ':' && c != MSDOS_EOF_CHAR)
       c = parse_getc(ps);
     fs->fieldlen = ps->dataptr - fs->fieldstart - 1;
+    if (fs->fieldlen == 0)
+      parse_error(ps,  _("empty field name"));
 
     /* Skip spaces before ‘:’. */
     while (!parse_EOF(ps) && c != '\n' && isspace(c))

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git