[dpkg] 27/192: libdpkg: Do not parse device number for non block nor char tar entry objects

Ximin Luo infinity0 at debian.org
Tue Oct 17 11:03:53 UTC 2017 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.

commit a6fbd1693e41d86db6884f1ce8b8576fcdeb7495
Author: Guillem Jover <guillem at debian.org>
Date:   Mon May 15 06:45:14 2017 +0200

    libdpkg: Do not parse device number for non block nor char tar entry objects
    
    We should not try to parse these fields if the tar entry is neither
    a block nor a char device.
    
    On older tar entries these fields will be all NULs, so it would make
    a parser expecting a somewhat strictly formatted octal value to error
    out.
---
 debian/changelog | 2 ++
 lib/dpkg/tarfn.c | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index f7f22d9..e92b510 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -18,6 +18,8 @@ dpkg (1.18.24) UNRELEASED; urgency=medium
     on diversions. Closes: #837051, #858004
   * Fix digest inference for shared conffiles, causing bogus takeover
     unpack errors. Regression introduced in dpkg 1.16.9. Closes: #861217
+  * Improve tar entry metadata parsing in dpkg:
+    - Do not parse device numbers for non block nor char tar entry objects.
   * Architecture support:
     - Add support for ARM64 ILP32. Closes: #824742
       Thanks to Wookey <wookey at wookware.org>.
diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c
index 6082053..ca921f0 100644
--- a/lib/dpkg/tarfn.c
+++ b/lib/dpkg/tarfn.c
@@ -175,8 +175,12 @@ tar_header_decode(struct tar_header *h, struct tar_entry *d)
 	d->stat.mode = tar_header_get_unix_mode(h);
 	d->size = (off_t)tar_oct2int(h->size, sizeof(h->size));
 	d->mtime = (time_t)tar_oct2int(h->mtime, sizeof(h->mtime));
-	d->dev = makedev(tar_oct2int(h->devmajor, sizeof(h->devmajor)),
-			 tar_oct2int(h->devminor, sizeof(h->devminor)));
+
+	if (d->type == TAR_FILETYPE_CHARDEV || d->type == TAR_FILETYPE_BLOCKDEV)
+		d->dev = makedev(tar_oct2int(h->devmajor, sizeof(h->devmajor)),
+				 tar_oct2int(h->devminor, sizeof(h->devminor)));
+	else
+		d->dev = makedev(0, 0);
 
 	if (*h->user)
 		d->stat.uname = m_strndup(h->user, sizeof(h->user));

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list