From 91945b7fcb0c83ca72543e5327e965eca9c269c4 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi
Date: Thu, 13 Aug 2015 11:16:29 +0800
Subject: rpm: opendb before rpmverifyscript to avoid null point input
If the command is "rpm -V" and the return value of (headerIsEntry(h, RPMTAG_VERIFYSCRIPT) || headerIsEntry(h, RPMTAG_SANITYCHECK)) located in /lib/verify.c is true, it will call rpmpsmStage function(rpmVerifyScript->rpmpsmScriptStage->rpmpsmStage) and occur segment fault because of null point(rpmtsGetRdb(ts) == NULL and rpmtsGetRdb(ts)->db_txn). So we open rpmdb to avoid bad input when find headerIsEntry true.
workflow: main()->rpmcliVerify()->rpmcliArgIter()->rpmQueryVerify()->rpmgiShowMatches()->showVerifyPackage()-> rpmqv.c verify.c query.c query.c verify.c(headerIsEntry) rpmVerifyScript()->rpmpsmScriptStage()->rpmpsmStage()-> rpmtxnCommit(rpmtsGetRdb(ts)->db_txn); verify.c psm.c psm.c psm.c
Signed-off-by: Zhixiong Chi
Signed-off-by: Ross Burton
---
...b-before-verifyscript-to-avoid-null-point.patch | 24 ++++++++++++++++++++++
meta/recipes-devtools/rpm/rpm_5.4.14.bb | 1 +
2 files changed, 25 insertions(+)
create mode 100644 meta/recipes-devtools/rpm/rpm/rpm-opendb-before-verifyscript-to-avoid-null-point.patch
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-opendb-before-verifyscript-to-avoid-null-point.patch b/meta/recipes-devtools/rpm/rpm/rpm-opendb-before-verifyscript-to-avoid-null-point.patch
new file mode 100644
index 0000000000..07d586a3ab
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpm-opendb-before-verifyscript-to-avoid-null-point.patch
@@ -0,0 +1,24 @@
+rpm: opendb before rpmverifyscript to avoid null point input
+
+If the command is "rpm -V" and the return value of (headerIsEntry(h, RPMTAG_VERIFYSCRIPT)
+|| headerIsEntry(h, RPMTAG_SANITYCHECK)) located in /lib/verify.c is true, it will call
+rpmpsmStage function(rpmVerifyScript->rpmpsmScriptStage->rpmpsmStage) and occur segment
+fault because of null point(rpmtsGetRdb(ts) == NULL and rpmtsGetRdb(ts)->db_txn).
+So we open rpmdb to avoid bad input when find headerIsEntry true.
+
+Upstream-Status: Pending
+
+Signed-off-by: Zhixiong Chi
+Index: rpm-5.4.14/lib/verify.c
+===================================================================
+--- rpm-5.4.14.orig/lib/verify.c 2015-07-22 22:09:59.992895355 +0800
++++ rpm-5.4.14/lib/verify.c 2015-08-13 10:20:33.752177906 +0800
+@@ -613,6 +613,8 @@
+ {
+ FD_t fdo = fdDup(STDOUT_FILENO);
+
++ rpmtsOpenDB(ts, O_RDONLY); /*Open the DB to avoid null point input in function rpmpsmStage()*/
++
+ rc = rpmfiSetHeader(fi, h);
+ if ((rc = rpmVerifyScript(qva, ts, fi, fdo)) != 0)
+ ec += rc;
diff --git a/meta/recipes-devtools/rpm/rpm_5.4.14.bb b/meta/recipes-devtools/rpm/rpm_5.4.14.bb
index ddbdcb94ee..1f4d9d2e0c 100644
--- a/meta/recipes-devtools/rpm/rpm_5.4.14.bb
+++ b/meta/recipes-devtools/rpm/rpm_5.4.14.bb
@@ -95,6 +95,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.14-0.20131024.src.rpm;e
 file://rpm-lua-fix-print.patch \
 file://rpm-check-rootpath-reasonableness.patch \
 file://rpm-macros.in-disable-external-key-server.patch \
+ file://rpm-opendb-before-verifyscript-to-avoid-null-point.patch \
 "
 # Uncomment the following line to enable platform score debugging
-- cgit 1.2.3-korg
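Review bot: The result of `rpmtsOpenDB(ts, O_RDONLY)` is discarded in the line the embedded verify.c hunk adds, so if the open fails (database missing, unreadable or damaged) `rpmtsGetRdb(ts)` can presumably still be NULL and the dereference in `rpmpsmStage()` described in the commit message is reached anyway. Checking the call, for example `if (rpmtsOpenDB(ts, O_RDONLY) != 0) ec++;` and running `rpmVerifyScript()` only on success, would make `rpm -V` report a verification failure instead of crashing partway through an integrity check. The guard also lives in this one caller only; `rpmtxnCommit(rpmtsGetRdb(ts)->db_txn)` in psm.c stays unchecked for any other path that reaches it, which is worth raising upstream given the patch is marked `Upstream-Status: Pending`. The enclosing block begins and ends outside the hunk, so how `fdo` is released on an added error path cannot be judged from here.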