mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 17:19:20 +00:00
Code Issues Projects Releases Wiki Activity

rpm: opendb before rpmverifyscript to avoid null point input

Browse Source 
If the command is "rpm -V" and the return value of (headerIsEntry(h, RPMTAG_VERIFYSCRIPT)
|| headerIsEntry(h, RPMTAG_SANITYCHECK)) located in /lib/verify.c is true, it will call
rpmpsmStage function(rpmVerifyScript->rpmpsmScriptStage->rpmpsmStage) and occur segment
fault because of null point(rpmtsGetRdb(ts) == NULL and rpmtsGetRdb(ts)->db_txn).
So we open rpmdb to avoid bad input when find headerIsEntry true.

workflow:
main()->rpmcliVerify()->rpmcliArgIter()->rpmQueryVerify()->rpmgiShowMatches()->showVerifyPackage()->
          rpmqv.c         verify.c        query.c             query.c           verify.c(headerIsEntry)
rpmVerifyScript()->rpmpsmScriptStage()->rpmpsmStage()->    rpmtxnCommit(rpmtsGetRdb(ts)->db_txn);
      verify.c            psm.c             psm.c                 psm.c

(From OE-Core rev: 91945b7fcb0c83ca72543e5327e965eca9c269c4)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Zhixiong Chi
2015-08-13 11:16:29 +08:00
committed by Richard Purdie
parent 7ed4a91863
commit a21b0473ad
2 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/rpm/rpm/rpm-opendb-before-verifyscript-to-avoid-null-point.patch
+24
View File
@@ -0,0 +1,24 @@
rpm: opendb before rpmverifyscript to avoid null point input
If the command is "rpm -V" and the return value of (headerIsEntry(h, RPMTAG_VERIFYSCRIPT)
|| headerIsEntry(h, RPMTAG_SANITYCHECK)) located in /lib/verify.c is true, it will call
rpmpsmStage function(rpmVerifyScript->rpmpsmScriptStage->rpmpsmStage) and occur segment
fault because of null point(rpmtsGetRdb(ts) == NULL and rpmtsGetRdb(ts)->db_txn).
So we open rpmdb to avoid bad input when find headerIsEntry true.
Upstream-Status: Pending
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Index: rpm-5.4.14/lib/verify.c
===================================================================
--- rpm-5.4.14.orig/lib/verify.c 2015-07-22 22:09:59.992895355 +0800
+++ rpm-5.4.14/lib/verify.c 2015-08-13 10:20:33.752177906 +0800
@@ -613,6 +613,8 @@
{
FD_t fdo = fdDup(STDOUT_FILENO);
+ rpmtsOpenDB(ts, O_RDONLY); /*Open the DB to avoid null point input in function rpmpsmStage()*/
+
rc = rpmfiSetHeader(fi, h);
if ((rc = rpmVerifyScript(qva, ts, fi, fdo)) != 0)
ec += rc;
meta/recipes-devtools/rpm/rpm_5.4.14.bb
+1
View File
@@ -95,6 +95,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.14-0.20131024.src.rpm;e
file://rpm-lua-fix-print.patch \
file://rpm-check-rootpath-reasonableness.patch \
file://rpm-macros.in-disable-external-key-server.patch \
file://rpm-opendb-before-verifyscript-to-avoid-null-point.patch \
"
# Uncomment the following line to enable platform score debugging