[dpkg] 14/36: dpkg-split: Fix off-by-one check in ar header padding

Sun, 31 May 2020 17:42:32 -0700 

This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch master
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=d2bbc4075c7c2967cd28597322158eacc41e5680

commit d2bbc4075c7c2967cd28597322158eacc41e5680
Author: Guillem Jover <[email protected]>
AuthorDate: Sun May 24 18:51:59 2020 +0200

    dpkg-split: Fix off-by-one check in ar header padding
    
    We always allocate two more bytes than the member size, and NUL the byte
    past the member size. But we were checking one byte past the padding byte
    which would not match, and would make the parser error out on valid
    archives.
    
    Update the functional test suite to add two digit split parts so that we
    can trigger this condition in the future and avoid regressions.
    
    Fixes: commit a15e095201abd2cb3490337b620ede8338bc3de1
    Stable-Candidate: 1.18.x 1.19.x
---
 debian/changelog    |  2 ++
 dpkg-split/info.c   |  2 +-
 t-func/deb-split.at | 87 +++++++++++++++++++++++++++++++++++------------------
 3 files changed, 60 insertions(+), 31 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b6fa5cc59..73ffb59df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,8 @@ dpkg (1.20.1) UNRELEASED; urgency=medium
     Prompted by Felix Lechner <[email protected]>.
   * dpkg-deb, dpkg: Do not accept relative pathnames in DEBIAN/conffiles.
     Reported by Niels Thykier <[email protected]>.
+  * dpkg-split: Fix off-by-one check in ar header padding, that was making
+    parsing error out on valid archives. Regression introduced in dpkg 1.18.8.
   * Portability:
     - libdpkg: When using uselocale(), include <xlocale.h> for locale_t if
       the header is available. Needed on BSDs.
diff --git a/dpkg-split/info.c b/dpkg-split/info.c
index 58d115365..245fcddb5 100644
--- a/dpkg-split/info.c
+++ b/dpkg-split/info.c
@@ -126,7 +126,7 @@ read_info(struct dpkg_ar *ar, struct partinfo *ir)
   if (rc != (ssize_t)(thisilen + (thisilen & 1)))
     read_fail(rc, ar->name, "reading header member");
   if (thisilen & 1) {
-    int c = readinfobuf[thisilen + 1];
+    int c = readinfobuf[thisilen];
 
     if (c != '\n')
       ohshit(_("file '%.250s' is corrupt - bad padding character (code %d)"),
diff --git a/t-func/deb-split.at b/t-func/deb-split.at
index 20a351950..33f9e6041 100644
--- a/t-func/deb-split.at
+++ b/t-func/deb-split.at
@@ -16,66 +16,93 @@ AT_CHECK([
 chmod -R u+w pkg-split
 # XXX: Some environments set SIGPIPE to ignore which we cannot reset, and 'yes'
 # does check print error conditions, so we ignore its error message here.
-yes 2>/dev/null | dd of=pkg-split/data-file bs=1024 count=1024 status=none
+yes 2>/dev/null | dd of=pkg-split/data-file bs=1024 count=2048 status=none
 find pkg-split | xargs touch -t 197001010100.00
 dpkg-deb --root-owner-group -Znone -b pkg-split >/dev/null
 ])
 
 AT_CHECK([
-# Test splitting a package (in 3 parts: 400 KiB + 400 KiB + 224 KiB)
-dpkg-split -S 400 -s pkg-split.deb pkg-split-part
-test -f pkg-split-part.1of3.deb
-test -f pkg-split-part.2of3.deb
-test -f pkg-split-part.3of3.deb
-], [], [Splitting package pkg-split into 3 parts: 1 2 3 done
+# Test splitting a package (in 10 parts: 9 * 210 KiB B + 158 KiB)
+dpkg-split -S 210 -s pkg-split.deb pkg-split-part
+for p in $(seq 10); do
+  test -f pkg-split-part.${p}of10.deb
+done
+], [], [Splitting package pkg-split into 10 parts: 1 2 3 4 5 6 7 8 9 10 done
 ])
 
-DEB_SPLIT_MD5SUM=c669258de88761bf90ad6621bdffd6f1
-DEB_SPLIT_LENGTH=1065152
+DEB_SPLIT_MD5SUM=0a4dfee0e57e273cd260ece947ce6bde
+DEB_SPLIT_LENGTH=2109632
+DEB_SPLIT_PART_LENGTH=214016
+DEB_SPLIT_PART_SIZE=214222
+DEB_SPLIT_LAST_LENGTH=183488
+DEB_SPLIT_LAST_SIZE=183694
 
 AT_CHECK_UNQUOTED([
 # Test getting information about the split parts (parsing verification)
-dpkg-split -I pkg-split-part.1of3.deb
-dpkg-split -I pkg-split-part.2of3.deb
-dpkg-split -I pkg-split-part.3of3.deb
-], [], [pkg-split-part.1of3.deb:
+dpkg-split -I pkg-split-part.1of10.deb
+], [], [pkg-split-part.1of10.deb:
     Part format version:            2.1
     Part of package:                pkg-split
         ... version:                0.0-1
         ... architecture:           all
         ... MD5 checksum:           $DEB_SPLIT_MD5SUM
         ... length:                 $DEB_SPLIT_LENGTH bytes
-        ... split every:            408576 bytes
-    Part number:                    1/3
-    Part length:                    408576 bytes
+        ... split every:            $DEB_SPLIT_PART_LENGTH bytes
+    Part number:                    1/10
+    Part length:                    $DEB_SPLIT_PART_LENGTH bytes
     Part offset:                    0 bytes
-    Part file size (used portion):  408780 bytes
+    Part file size (used portion):  $DEB_SPLIT_PART_SIZE bytes
 
-pkg-split-part.2of3.deb:
+])
+AT_CHECK_UNQUOTED([
+# Test getting information about the split parts (parsing verification)
+dpkg-split -I pkg-split-part.2of10.deb
+], [], [pkg-split-part.2of10.deb:
+    Part format version:            2.1
+    Part of package:                pkg-split
+        ... version:                0.0-1
+        ... architecture:           all
+        ... MD5 checksum:           $DEB_SPLIT_MD5SUM
+        ... length:                 $DEB_SPLIT_LENGTH bytes
+        ... split every:            $DEB_SPLIT_PART_LENGTH bytes
+    Part number:                    2/10
+    Part length:                    $DEB_SPLIT_PART_LENGTH bytes
+    Part offset:                    214016 bytes
+    Part file size (used portion):  $DEB_SPLIT_PART_SIZE bytes
+
+])
+AT_CHECK_UNQUOTED([
+# Test getting information about the split parts (parsing verification)
+dpkg-split -I pkg-split-part.9of10.deb
+], [], [pkg-split-part.9of10.deb:
     Part format version:            2.1
     Part of package:                pkg-split
         ... version:                0.0-1
         ... architecture:           all
         ... MD5 checksum:           $DEB_SPLIT_MD5SUM
         ... length:                 $DEB_SPLIT_LENGTH bytes
-        ... split every:            408576 bytes
-    Part number:                    2/3
-    Part length:                    408576 bytes
-    Part offset:                    408576 bytes
-    Part file size (used portion):  408780 bytes
+        ... split every:            $DEB_SPLIT_PART_LENGTH bytes
+    Part number:                    9/10
+    Part length:                    $DEB_SPLIT_PART_LENGTH bytes
+    Part offset:                    1712128 bytes
+    Part file size (used portion):  $DEB_SPLIT_PART_SIZE bytes
 
-pkg-split-part.3of3.deb:
+])
+AT_CHECK_UNQUOTED([
+# Test getting information about the split parts (parsing verification)
+dpkg-split -I pkg-split-part.10of10.deb
+], [], [pkg-split-part.10of10.deb:
     Part format version:            2.1
     Part of package:                pkg-split
         ... version:                0.0-1
         ... architecture:           all
         ... MD5 checksum:           $DEB_SPLIT_MD5SUM
         ... length:                 $DEB_SPLIT_LENGTH bytes
-        ... split every:            408576 bytes
-    Part number:                    3/3
-    Part length:                    248000 bytes
-    Part offset:                    817152 bytes
-    Part file size (used portion):  248204 bytes
+        ... split every:            $DEB_SPLIT_PART_LENGTH bytes
+    Part number:                    10/10
+    Part length:                    $DEB_SPLIT_LAST_LENGTH bytes
+    Part offset:                    1926144 bytes
+    Part file size (used portion):  $DEB_SPLIT_LAST_SIZE bytes
 
 ])
 
@@ -83,7 +110,7 @@ AT_CHECK([
 # Test joining the split parts back together
 dpkg-split -o pkg-joined.deb -j pkg-split-part.*.deb
 cmp pkg-split.deb pkg-joined.deb
-], [], [Putting package pkg-split together from 3 parts: 1 2 3 done
+], [], [Putting package pkg-split together from 10 parts: 1 2 3 4 5 6 7 8 9 10 
done
 ])
 
 AT_CLEANUP

-- 
Dpkg.Org's dpkg

Reply via email to