[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH] lib: update inspect_list_applications to return all installed RPMs (RHBZ#859885)



On Mon, Oct 29, 2012 at 12:45:17PM -0400, John Eckersberg wrote:
> Note that because of RHBZ#859949, this will return two identical
> entries for RPMs which differ only by arch.

I get a lot of warnings (== errors) because I'm using
./configure --enable-gcc-warnings, so I wasn't able to compile
this patch.  These need to be fixed first.

> +/* tag constants, see rpmtag.h in RPM for complete list */
> +#define RPMTAG_VERSION 1001
> +#define RPMTAG_RELEASE 1002
> +#define RPMTAG_ARCH    1022

Keep the definition of RPMTAG_ARCH out of this patch, for the later
arch patch.  (This is one of the GCC warnings too).

> +
> +static char *
> +get_rpm_header_tag (guestfs_h *g, const void *header_start, size_t header_len, uint32_t tag)
> +{
> +  uint32_t num_fields, offset;
> +  const void *cursor = header_start + 8, *store;
> +
> +  /* This function parses the RPM header structure to pull out various
> +   * tag strings (version, release, arch, etc.).  For more detail on the
> +   * header format, see:
> +   * http://www.rpm.org/max-rpm/s1-rpm-file-format-rpm-file-format.html#S2-RPM-FILE-FORMAT-HEADER
> +   */
> +
> +  num_fields = be32toh (*(uint32_t *) header_start);
> +  store = header_start + 8 + (16 * num_fields);
> +
> +  while (cursor < store && cursor < header_start + header_len) {
> +    if (be32toh (*(uint32_t *) cursor) == tag){

^ Space before '{' character.

> +      offset = be32toh(*(uint32_t *) (cursor + 8));
> +      return safe_strdup(g, store + offset);
> +    }
> +    cursor += 16;
> +  }

I'm curious if this code will work if header_len is unusually small.
I think it would cause the library to read past the end of the
allocated buffer, possibly crashing or doing other Bad Stuff.  Note
that the header_len field is under control of the guest, so this could
be a security problem.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]