[dpkg] 27/192: libdpkg: Do not parse device number for non block nor char tar entry objects
Ximin Luo
infinity0 at debian.org
Tue Oct 17 11:03:53 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.
commit a6fbd1693e41d86db6884f1ce8b8576fcdeb7495
Author: Guillem Jover <guillem at debian.org>
Date: Mon May 15 06:45:14 2017 +0200
libdpkg: Do not parse device number for non block nor char tar entry objects
We should not try to parse these fields if the tar entry is neither
a block nor a char device.
On older tar entries these fields will be all NULs, so it would make
a parser expecting a somewhat strictly formatted octal value to error
out.
---
debian/changelog | 2 ++
lib/dpkg/tarfn.c | 8 ++++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index f7f22d9..e92b510 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,8 @@ dpkg (1.18.24) UNRELEASED; urgency=medium
on diversions. Closes: #837051, #858004
* Fix digest inference for shared conffiles, causing bogus takeover
unpack errors. Regression introduced in dpkg 1.16.9. Closes: #861217
+ * Improve tar entry metadata parsing in dpkg:
+ - Do not parse device numbers for non block nor char tar entry objects.
* Architecture support:
- Add support for ARM64 ILP32. Closes: #824742
Thanks to Wookey <wookey at wookware.org>.
diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c
index 6082053..ca921f0 100644
--- a/lib/dpkg/tarfn.c
+++ b/lib/dpkg/tarfn.c
@@ -175,8 +175,12 @@ tar_header_decode(struct tar_header *h, struct tar_entry *d)
d->stat.mode = tar_header_get_unix_mode(h);
d->size = (off_t)tar_oct2int(h->size, sizeof(h->size));
d->mtime = (time_t)tar_oct2int(h->mtime, sizeof(h->mtime));
- d->dev = makedev(tar_oct2int(h->devmajor, sizeof(h->devmajor)),
- tar_oct2int(h->devminor, sizeof(h->devminor)));
+
+ if (d->type == TAR_FILETYPE_CHARDEV || d->type == TAR_FILETYPE_BLOCKDEV)
+ d->dev = makedev(tar_oct2int(h->devmajor, sizeof(h->devmajor)),
+ tar_oct2int(h->devminor, sizeof(h->devminor)));
+ else
+ d->dev = makedev(0, 0);
if (*h->user)
d->stat.uname = m_strndup(h->user, sizeof(h->user));
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list