diff --git a/lib/formats.c b/lib/formats.c index d1d176b..95f15ab 100644 --- a/lib/formats.c +++ b/lib/formats.c @@ -630,9 +630,12 @@ static int i18nTag(Header h, int_32 tag, /*@out@*/ rpmTagType * type, { const char * tn = tagName(tag); const char * n; char * mk; - (void) headerNVR(h, &n, NULL, NULL); - mk = alloca(strlen(n) + strlen(tn) + sizeof("()")); - sprintf(mk, "%s(%s)", n, tn); + size_t nb = sizeof("()"); + int xx = headerNVR(h, &n, NULL, NULL); + if (tn) nb += strlen(tn); + if (n) nb += strlen(n); + mk = alloca(nb); + sprintf(mk, "%s(%s)", (n?n:""), (tn?tn:"")); msgkey = mk; } diff --git a/lib/package.c b/lib/package.c index d5f4ef6..b734bd8 100644 --- a/lib/package.c +++ b/lib/package.c @@ -227,9 +227,6 @@ static rpmRC readPackageHeaders(FD_t fd, if (!headerIsEntry(*hdr, RPMTAG_SOURCEPACKAGE)) (void)headerAddEntry(*hdr, RPMTAG_SOURCEPACKAGE, RPM_INT32_TYPE, &one, 1); - } else if (lead->major < 4) { - /* Retrofit "Provide: name = EVR" for binary packages. */ - providePackageNVR(*hdr); } break; diff --git a/lib/query.c b/lib/query.c index 3dfc30c..94ebf3d 100644 --- a/lib/query.c +++ b/lib/query.c @@ -174,6 +174,8 @@ int showQueryPackage(QVA_t qva, /*@unused@*/rpmdb rpmdb, Header h) { HGE_t hge = (HGE_t)headerGetEntryMinMemory; HFD_t hfd = headerFreeData; + size_t tb = 2 * BUFSIZ; + size_t sb; char * t, * te; rpmQueryFlags queryFlags = qva->qva_flags; const char * queryFormat = qva->qva_queryFormat; 
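Review bot: In the i18nTag hunk of lib/formats.c, the `sprintf` into `mk` has no bound of its own, and `nb` is derived from the name string read out of the package header, so `alloca(nb)` is sized by package-supplied data. The arithmetic is correct as written (`sizeof("()")` covers both parentheses and the terminating NUL), but `snprintf(mk, nb, "%s(%s)", (n?n:""), (tn?tn:""));` would keep the write tied to the computed size if either line is edited later. The result of `headerNVR` is now stored in `xx` but never read in the visible lines; either test it or keep the original `(void)` cast so the intent is clear. Whether the length of the name is capped before this point is not visible here, and the function body starts and ends outside the hunk.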
@@ -199,28 +201,24 @@ int showQueryPackage(QVA_t qva, /*@unused@*/rpmdb rpmdb, Header h) int rc = 0; /* XXX FIXME: need real return code */ int i; - te = t = xmalloc(BUFSIZ); + te = t = xmalloc(tb); *te = '\0'; if (queryFormat == NULL && queryFlags == QUERY_FOR_DEFAULT) { - const char * name, * version, * release; - (void) headerNVR(h, &name, &version, &release); - te = stpcpy(te, name); - te = stpcpy( stpcpy(te, "-"), version); - te = stpcpy( stpcpy(te, "-"), release); - goto exit; + queryFormat = "%{name}-%{version}-%{release}\n"; } if (queryFormat) { const char * str = queryHeader(h, queryFormat); /*@-branchstate@*/ if (str) { - size_t tb = (te - t); - size_t sb = strlen(str); + size_t tx = (te - t); - if (sb >= (BUFSIZ - tb)) { - t = xrealloc(t, BUFSIZ+sb); - te = t + tb; + sb = strlen(str); + if (sb) { + tb += sb; + t = xrealloc(t, tb); + te = t + tx; } /*@-usereleased@*/ te = stpcpy(te, str); diff --git a/rpm-4_0.spec b/rpm-4_0.spec index 00c9cec..b0df6dc 100644 --- a/rpm-4_0.spec +++ b/rpm-4_0.spec @@ -4,7 +4,7 @@ Name: %rpm_name Version: %rpm_version -Release: alt76 +Release: alt77 %define ifdef() %if %{expand:%%{?%{1}:1}%%{!?%{1}:0}} %define get_dep() %(rpm -q --qf '%%{NAME} >= %%|SERIAL?{%%{SERIAL}:}|%%{VERSION}-%%{RELEASE}' %1 2>/dev/null || echo '%1 >= unknown') @@ -524,6 +524,16 @@ fi %endif #with contrib %changelog +* Fri May 18 2007 Dmitry V. Levin 4.0.4-alt77 +- rpmio/macro.c (doFoo): + Fixed potential buffer overflow in %%homedir macro processing. +- lib/formats.c (i18nTag): + Fixed potential null dereference on header without RPMTAG_NAME (RH#239557). +- lib/package.c (readPackageHeaders): + Removed insecure legacy providePackageNVR() call. +- lib/query.c (showQueryPackage): + Fixed potential null dereference in QUERY_FOR_DEFAULT mode. + * Tue Apr 10 2007 Dmitry V. Levin 4.0.4-alt76 - rpmRunTransactions: Ignore unavailable mount points instead of bailing out. diff --git a/rpmio/macro.c b/rpmio/macro.c index 47ab5ea..e15df42 100644 
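Review bot: In the second lib/query.c hunk, the bound that keeps `te = stpcpy(te, str);` inside `t` is now implicit, because the explicit comparison against the remaining space was removed. It holds only because `tb` starts at `2 * BUFSIZ` and grows by `sb` on every append. A comment above the `xrealloc` would make that invariant visible, for example `/* capacity grows by sb on every append, so tb - tx > sb holds for the stpcpy below */`. Any later code in showQueryPackage that appends to `t` (outside this hunk) has to respect `tb` as well, which cannot be confirmed from here. The default mode also no longer jumps to `exit` and its format now ends in `\n`, so it is worth checking that the code at `exit` does not add a second newline.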
--- a/rpmio/macro.c +++ b/rpmio/macro.c @@ -1148,7 +1148,7 @@ doFoo(MacroBuf mb, int negate, const char * f, size_t fn, buf[0] = '\0'; if (pw && pw->pw_dir) { - strncat (buf, pw->pw_dir, sizeof buf); + strncat (buf, pw->pw_dir, sizeof(buf) - 1); b = buf; } }
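Review bot: The new bound in `strncat (buf, pw->pw_dir, sizeof(buf) - 1);` is correct only because `buf[0] = '\0';` runs immediately before it, so the destination is known to be empty. Writing the limit as `sizeof(buf) - strlen(buf) - 1` keeps the call safe if the preceding initialisation is ever moved or the buffer is pre-filled. A home directory longer than the buffer is still truncated silently, and the shortened path is then used as the macro expansion. Comparing `strlen(pw->pw_dir)` with `sizeof(buf)` and leaving `b` unset on overflow would avoid expanding to a different directory. doFoo's body starts and ends outside the hunk, so how `b` is consumed afterwards is not visible.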