Control: clone -1 -2 Control: retitle -1 dpkg: Control parser segfaults on empty field names Control: fixed -1 1.17.2 Control: retitle -2 dpkg: Control parser incorrectly matches on partial field names Control: tags -2
Hi! On Tue, 2014-11-11 at 23:13:09 +1100, Joshua Rogers wrote: > Package: dpkg > Version: 1.16.1.2 > Tags: bug, security > > This doesn't seem to be a vulnerability, but more of a bug.. > Best that the devs look at it rather than me, though. > > I'm using v1.16.1.2ubuntu7.5, but it is probably there in more recent > versions Part of this got fixed in 1.17.2, but it's still there in the latest release in the 1.16.x branch. I'll queue the fix for that one. > With the control file: > > > : 1 > > a: %s > > dpkg-deb --build will segfault. > > It will not segfault if you put something before > > : 1 > and will not segfault if This is the empty field issue. With a new enough dpkg it says this instead: $ dpkg-deb -b pkg-bogus-field dpkg-deb: error: parsing file 'pkg-bogus-field/DEBIAN/control' near line 0: empty field name > > a: %s > does not contain a "%" symbol. This is just the format string issue reported before, it affects only the Package and Architecture fields. The problem here is that the parser is matching partial strings against field names, so that's wrong, and I'm fixing this separately. Thanks, Guillem -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
