Before everyone points out the obvious to me, let me state in public that the rpmbuild parser has __NEVER__ been side-effect free, a known and fundamental flaw.
In case you don't understand what I'm saying, here's an example of a (deliberate) error case where the Name: data fails to validate against a quite straightforward permitted character set pattern:
[...@wellfleet popt]$ grep Name: popt.spec
Name: *popt
[...@wellfleet popt]$ xxxrpm -ba --miredebug popt.spec
--> mireRegcomp(0x99fe170, "i386-redhat-linux-gnu") rc 0
--> mire 0x9a2d7c0 ++ 1 mireNew at mire.c:130
--> mireRegcomp(0x9a2d7c0, "[A-Za-z0-9]+[A-Za-z0-9+._-]*") rc 0
--> mireRegexec(0x9a2d7c0, 0x9a33dae[5]) rc 0 mode 2 "*popt"
--> mireClean(0x9a2d7c0)
--> mire 0x9a2d7c0 -- 1 mireFree at mire.c:104
Executing(%prep): /bin/sh -e /X/tmp/rpm-tmp.52242
+ umask 022
+ cd '/X/*popt'
+ cd '/X/*popt'
+ rm -rf '*popt-1.14'
+ /bin/tar -xf '/X/*popt/*popt-1.14.tar.gz' /X/popt/popt-1.14.tar.gz
/bin/tar: This does not look like a tar archive
/bin/tar: Skipping to next header
/bin/tar: /X/popt/popt-1.14.tar.gz: Not found in archive
/bin/tar: Error exit delayed from previous errors
error: Bad exit status from /X/tmp/rpm-tmp.52242 (%prep)
RPM build errors:
Bad exit status from /X/tmp/rpm-tmp.52242 (%prep)
--> mireClean(0x99fe170)
73 de Jeff
On Jan 6, 2009, at 2:30 PM, Jeff Johnson wrote:
RPM Package Manager, CVS Repository http://rpm5.org/cvs/____________________________________________________________________________Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: [email protected] Module: rpm Date: 06-Jan-2009 20:30:25 Branch: HEAD Handle: 2009010619302500 Modified files: rpm CHANGES rpm/build parsePreamble.c Log: - rpmbuild: add tag data validation pattern checks. Summary: Revision Changes Path 1.2730 +1 -0 rpm/CHANGES 2.185 +38 -0 rpm/build/parsePreamble.c____________________________________________________________________________patch -p0 <<'@@ .' Index: rpm/CHANGES= = = = = = ======================================================================$ cvs diff -u -r1.2729 -r1.2730 CHANGES --- rpm/CHANGES 5 Jan 2009 21:09:36 -0000 1.2729 +++ rpm/CHANGES 6 Jan 2009 19:30:25 -0000 1.2730 @@ -1,5 +1,6 @@ 5.2a2 -> 5.2a3: + - jbj: rpmbuild: add tag data validation pattern checks. - jbj: EVRtuple: handle EVR_t opaquely in python labelCompare().- jbj: EVRtuple: postpone committing to single "missing" value for now.- jbj: EVRtuple: attempt rpmEVRparse() during parseRCPOT(). @@ . patch -p0 <<'@@ .' Index: rpm/build/parsePreamble.c= = = = = = ======================================================================$ cvs diff -u -r2.184 -r2.185 parsePreamble.c --- rpm/build/parsePreamble.c 22 Dec 2008 15:46:44 -0000 2.184 +++ rpm/build/parsePreamble.c 6 Jan 2009 19:30:25 -0000 2.185 @@ -10,6 +10,7 @@ #include <rpmlog.h> #include <rpmurl.h> #include <argv.h> +#include <mire.h> #define _RPMEVR_INTERNAL #define _RPMTAG_INTERNAL /* XXX rpmTags->aTags */ 
@@ -560,6 +561,39 @@ extern int noLang; /*...@=redecl@*/ +static rpmRC tagValidate(Spec spec, rpmTag tag, const char * value) + /*...@*/ +{ + const char * tagN = tagName(tag);+ const char * pattern = rpmExpand("%{?pattern_", tagN, "}", NULL);+ rpmRC ec = RPMRC_OK; + + if (pattern && *pattern) { + miRE mire; + int xx; + + mire = mireNew(RPMMIRE_REGEX, tag); + xx = mireSetCOptions(mire, RPMMIRE_REGEX, 0, 0, NULL); + if (!xx) + xx = mireRegcomp(mire, pattern); + if (!xx) + xx = mireRegexec(mire, value, strlen(value)); + if (!xx) + ec = RPMRC_OK; + else {+ rpmlog(RPMLOG_ERR, _("line %d: invalid tag value(\"%s\") %s: %s\n"),+ spec->lineNum, pattern, tagN, spec->line); + ec = RPMRC_FAIL; + } + + mire = mireFree(mire); + } + + pattern = _free(pattern); + + return ec; +} + /** */ static rpmRC handlePreambleTag(Spec spec, Package pkg, rpmTag tag, @@ -601,6 +635,10 @@ } end = findLastChar(field); + /* Validate tag data content. */ + if (tagValidate(spec, tag, field) != RPMRC_OK) + return RPMRC_FAIL; + /* See if this is multi-token */ end = field; SKIPNONSPACE(end); @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository [email protected]
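Review bot: In tagValidate(), the else branch is taken for any nonzero xx, so a failure from mireSetCOptions() or mireRegcomp() (for example a malformed %{pattern_<tag>} macro) is logged as "invalid tag value" exactly like a non-match; report a pattern that cannot be compiled separately from a value that does not match. The rpmlog() call also passes `pattern` for the `invalid tag value(\"%s\")` slot, so the text in parentheses is the pattern rather than the value; pass `value` there or reword the format string. The pattern goes to mireRegcomp() exactly as the macro expands, and in the --miredebug output above mireRegexec() returns rc 0 for "*popt" against "[A-Za-z0-9]+[A-Za-z0-9+._-]*", after which the build goes on to execute %prep. If the whole value is meant to conform to the character set, the pattern needs ^ and $ anchors, either in the macro or added here.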
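Review bot: In the handlePreambleTag() hunk, tagValidate(spec, tag, field) runs before the "See if this is multi-token" step, so the pattern is applied to the whole field rather than to individual tokens. The `/* Validate tag data content. */` comment should say so and name the %{pattern_<tag>} macro that supplies the pattern, since neither this hunk nor the CHANGES entry tells a macro author what string their pattern is matched against.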
