Browse Source

do not trust FileFd::Eof() in pkgTagFile::Fill()

The Eof check was added (by me of course) in
0aae6d1439
as part of a fix up ~a month ago (at DebConf).

The idea was not that bad, but doesn't make that much sense either
as this bit is set by the FileFd based on Actual as well, so this is
basically doing the same check again – with the difference that the
HitEof bit can still linger from a previous Read we did at the end of
the file, but have seek'd away from it now.

Combined with the length of entries, entry order and other not that
easily controllable conditions you can be 'lucky' enough to hit this
problem in a way which even visible (truncating of other fields might
 not be visible easily, like 'Tags' and others).

Closes: 723705
Thanks: Cyril Brulebois
tags/debian/0.9.11.4
David Kalnischkies 7 years ago
parent
commit
5985c230c8
4 changed files with 263 additions and 1 deletions
  1. +1
    -1
      apt-pkg/tagfile.cc
  2. +167
    -0
      test/integration/Packages-bug-723705-tagfile-truncates-fields
  3. +62
    -0
      test/integration/status-bug-723705-tagfile-truncates-fields
  4. +33
    -0
      test/integration/test-bug-723705-tagfile-truncates-fields

+ 1
- 1
apt-pkg/tagfile.cc View File

@@ -164,7 +164,7 @@ bool pkgTagFile::Fill()
unsigned long long const dataSize = d->Size - ((d->End - d->Buffer) + 1);
if (d->Fd.Read(d->End, dataSize, &Actual) == false)
return false;
if (Actual != dataSize || d->Fd.Eof() == true)
if (Actual != dataSize)
d->Done = true;
d->End += Actual;
}


+ 167
- 0
test/integration/Packages-bug-723705-tagfile-truncates-fields View File

@@ -0,0 +1,167 @@
Package: cdebconf-gtk-udeb
Source: cdebconf
Version: 0.185
Installed-Size: 92
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Architecture: amd64
Description: Gtk+ frontend for Debian Configuration Management System
Description-md5: 75d036e0a245499123544e2254b92e9c
Section: debian-installer
Priority: optional
Filename: pool/main/c/cdebconf/cdebconf-gtk-udeb_0.185_amd64.udeb
Size: 27278
MD5sum: a1bbbc1d4fb8e0615b5621abac021924
SHA1: b1a7ab55a90f61e5337847d02ff1d12d73559def
SHA256: cd79f3205304a7932b3309c4df9898c9a53929bc651912659858e087ebe1c18a

Package: cdebconf-newt-udeb
Source: cdebconf
Version: 0.185
Installed-Size: 58
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Architecture: amd64
Description: Newt frontend for Debian Configuration Management System
Description-md5: e080be5e38cb8c57bca2f3effe9ee030
Section: debian-installer
Priority: optional
Filename: pool/main/c/cdebconf/cdebconf-newt-udeb_0.185_amd64.udeb
Size: 19192
MD5sum: de27807f56dae2f2403b3322d5fe6bd2
SHA1: 57883e223d46a9f25966f9b986e6a3bc2f67d8ef
SHA256: 5f8b9c3a5430f2ec879484a7736582b152d76cc8ba9bc19328268f3635759a1b

Package: cdebconf-udeb
Source: cdebconf
Version: 0.185
Installed-Size: 245
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Architecture: amd64
Provides: debconf-2.0
Description: Debian Configuration Management System (C-implementation)
Description-md5: 9f3579e9d9f86ac89e667a8707d3cbd3
Section: debian-installer
Priority: standard
Filename: pool/main/c/cdebconf/cdebconf-udeb_0.185_amd64.udeb
Size: 77376
MD5sum: e3883706fdbf54c2e5ea959c92b2d37f
SHA1: 0232f1bdf1531db628516ed3a46a27466b267fdc
SHA256: 96345575417a3e4df8a2cadaa55784ec8f6c042defb1e2fc002d941b6116ceab

Package: cdebconf-gtk-terminal
Source: cdebconf-terminal
Version: 0.22
Installed-Size: 64
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Architecture: amd64
Provides: cdebconf-terminal
Depends: cdebconf-gtk-udeb, libc6-udeb (>= 2.17), libglib2.0-udeb (>= 2.36.4), libgtk2.0-0-udeb (>= 2.24.0), libvte9-udeb (>= 1:0.28.0), cdebconf-udeb, cdebconf-gtk-terminal, cdebconf-gtk-terminal, cdebconf-gtk-terminal, cdebconf-gtk-terminal, cdebconf-gtk-terminal, cdebconf-gtk-terminal, cdebconf-gtk-terminal
Description: cdebconf gtk plugin displaying a terminal
Description-md5: 18c4446758aec003eb8cd0a43419f1aa
Section: debian-installer
Priority: extra
Filename: pool/main/c/cdebconf-terminal/cdebconf-gtk-terminal_0.22_amd64.udeb
Size: 14734
MD5sum: f9c3a7354560cb88e0396e2b7ba54363
SHA1: 9c1c93328e758bfd9de2752466b271aaf38c8177
SHA256: ca749853fc3b93db1d08ccdc6b46de27633de52bc5b880fa65275897ebcaaf69

Package: cdebconf-newt-terminal
Source: cdebconf-terminal
Version: 0.22
Installed-Size: 43
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Architecture: amd64
Provides: cdebconf-terminal
Depends: cdebconf-newt-udeb (>= 0.146), libc6-udeb (>= 2.17), libnewt0.52
Description: cdebconf newt plugin to provide a clean terminal
Description-md5: 4109a053022081b573d864d84d6eb16d
Section: debian-installer
Priority: extra
Filename: pool/main/c/cdebconf-terminal/cdebconf-newt-terminal_0.22_amd64.udeb
Size: 4538
MD5sum: 20db6152fce5081fcbf49c7c08f21246
SHA1: fa2a40f777a2f48b9634866bc780fb059e60b2fe
SHA256: c4d99ef27285f0c9090005313165627e56e0972e687af7e68c2b1d1538e2ae09

Package: libc6-udeb
Source: eglibc (2.17-92)
Version: 2.17-92+b1
Installed-Size: 3126
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Architecture: amd64
Provides: glibc-2.17-1, libc-udeb, libc6
Description: Embedded GNU C Library: Shared libraries - udeb
Description-md5: 9552ce73b7b3fb466e3d89fe8db9a563
Section: debian-installer
Priority: extra
Filename: pool/main/e/eglibc/libc6-udeb_2.17-92+b1_amd64.udeb
Size: 1056000
MD5sum: 7fd7032eeeecf7f76eff79a0543fbd72
SHA1: 724b6a81b8fbc9d4d2bb43d656c08de73f7ada25
SHA256: 137d4c001bbfde8161315c36e6cb8653ae2c50a8d6b6d2d27396c492d91a1723

Package: libglib2.0-udeb
Source: glib2.0
Version: 2.36.4-1
Installed-Size: 10070
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Architecture: amd64
Description: GLib library of C routines - minimal runtime
Description-md5: 0244040042870a89aa49f037cce3f1e9
Section: debian-installer
Priority: optional
Filename: pool/main/g/glib2.0/libglib2.0-udeb_2.36.4-1_amd64.udeb
Size: 1714604
MD5sum: 72da029f1bbb36057d874f1f82a5d00a
SHA1: 32bce78a052ef19a620f43ecbe12404fa570c0f1
SHA256: 8edbc7cb872c0a82705913563f93f9eec5750881e4378c5a48770cde840cd6eb

Package: libgtk2.0-0-udeb
Source: gtk+2.0
Version: 2.24.20-1
Installed-Size: 5035
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Architecture: amd64
Provides: gtk2.0-binver-2.10.0
Description: GTK+ graphical user interface library - minimal runtime
Description-md5: 32e5112b80c02578837cff4f65dfec84
Section: debian-installer
Priority: extra
Filename: pool/main/g/gtk+2.0/libgtk2.0-0-udeb_2.24.20-1_amd64.udeb
Size: 1643046
MD5sum: 25513478eb2e02e5766c0eea0b411ca9
SHA1: 9274f05bfa930a3406403441ce061bade04e2064
SHA256: d5f611f48928ae02f759105cf8cff467cde1cb44df56ad31067168b46a80f8bc

Package: libvte9-udeb
Source: vte
Version: 1:0.28.2-5
Installed-Size: 628
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Architecture: amd64
Description: Terminal emulator widget for GTK+ 2.0 - minimal runtime
Description-md5: e7993385c30bae6e96c8cb87795a513c
Section: debian-installer
Priority: extra
Filename: pool/main/v/vte/libvte9-udeb_0.28.2-5_amd64.udeb
Size: 216968
MD5sum: 7da7201effaf5ced19abd9d0b45aa2c6
SHA1: a424cf779e7614d79740c422b6342de04fed3646
SHA256: 4963033cbda5a8ba7eb8ebf1debae34463b8e63b821259860cfb51c1ab99562d

Package: zlib1g-udeb
Source: zlib
Version: 1:1.2.8.dfsg-1
Installed-Size: 115
Maintainer: Mark Brown <broonie@debian.org>
Architecture: amd64
Description: compression library - runtime for Debian installer
Description-md5: 9cab974e3eab657c53bc17611b894c7a
Section: debian-installer
Priority: optional
Filename: pool/main/z/zlib/zlib1g-udeb_1.2.8.dfsg-1_amd64.udeb
Size: 45270
MD5sum: c02884420f79a3ae4569cf67782f3e74
SHA1: 7cd1a7c8be4e086de733a0ce76f87d42b8b2173b
SHA256: 61641ee2b5e185232108333438b72bec71ef549fe0e0df1b2b3afa37174e53a7


+ 62
- 0
test/integration/status-bug-723705-tagfile-truncates-fields View File

@@ -0,0 +1,62 @@
Package: libc6
Status: install ok installed
Priority: required
Section: libs
Installed-Size: 10164
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Architecture: amd64
Multi-Arch: same
Source: eglibc (2.17-92)
Version: 2.17-92+b1
Replaces: libc6-amd64
Provides: glibc-2.17-1
Suggests: glibc-doc, debconf | debconf-2.0, locales
Breaks: locales (<< 2.17), locales-all (<< 2.17), lsb-core (<= 3.2-27), nscd (<< 2.17)
Conflicts: prelink (<= 0.0.20090311-1), tzdata (<< 2007k-1), tzdata-etch
Conffiles:
/etc/ld.so.conf.d/x86_64-linux-gnu.conf 593ad12389ab2b6f952e7ede67b8fbbf
Description: Embedded GNU C Library: Shared libraries
Contains the standard libraries that are used by nearly all programs on
the system. This package includes shared versions of the standard C library
and the standard math library, as well as many others.
Homepage: http://www.eglibc.org

Package: libnewt0.52
Status: install ok installed
Priority: important
Section: libs
Installed-Size: 820
Maintainer: Alastair McKinstry <mckinstry@debian.org>
Architecture: amd64
Multi-Arch: same
Source: newt
Version: 0.52.15-3
Recommends: libfribidi0
Conffiles:
/etc/newt/palette.original d41d8cd98f00b204e9800998ecf8427e
Description: Not Erik's Windowing Toolkit - text mode windowing with slang
Newt is a windowing toolkit for text mode built from the slang library.
It allows color text mode applications to easily use stackable windows,
push buttons, check boxes, radio buttons, lists, entry fields, labels,
and displayable text. Scrollbars are supported, and forms may be nested
to provide extra functionality. This package contains the shared library
for programs that have been built with newt.
Homepage: https://fedorahosted.org/newt/

Package: libgcc1
Status: install ok installed
Priority: required
Section: libs
Installed-Size: 128
Maintainer: Debian GCC Maintainers <debian-gcc@lists.debian.org>
Architecture: amd64
Multi-Arch: same
Source: gcc-4.8 (4.8.1-10)
Version: 1:4.8.1-10
Breaks: gcc-4.1, gcc-4.3 (<< 4.3.6-1), gcc-4.4 (<< 4.4.6-4), gcc-4.5 (<< 4.5.3-2)
Description: GCC support library
Shared version of the support library, a library of internal subroutines
that GCC uses to overcome shortcomings of particular machines, or
special needs for some languages.
Homepage: http://gcc.gnu.org/


+ 33
- 0
test/integration/test-bug-723705-tagfile-truncates-fields View File

@@ -0,0 +1,33 @@
#!/bin/sh
set -e

TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
setupenvironment
configarchitecture 'amd64'

setupaptarchive

aptget install --print-uris -y cdebconf-newt-terminal cdebconf-gtk-terminal 2>&1 | sed 's#file:///tmp/tmp.[^/]\+#file:///tmp#g' > filename.log

testfileequal filename.log "Reading package lists...
Building dependency tree...
The following extra packages will be installed:
cdebconf-gtk-udeb cdebconf-newt-udeb cdebconf-udeb libc6-udeb
libglib2.0-udeb libgtk2.0-0-udeb libvte9-udeb
The following NEW packages will be installed:
cdebconf-gtk-terminal cdebconf-gtk-udeb cdebconf-newt-terminal
cdebconf-newt-udeb cdebconf-udeb libc6-udeb libglib2.0-udeb libgtk2.0-0-udeb
libvte9-udeb
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/4774 kB of archives.
After this operation, 19.8 MB of additional disk space will be used.
'file:///tmp/aptarchive/pool/main/c/cdebconf/cdebconf-udeb_0.185_amd64.udeb' cdebconf-udeb_0.185_amd64.udeb 77376 MD5Sum:e3883706fdbf54c2e5ea959c92b2d37f
'file:///tmp/aptarchive/pool/main/c/cdebconf/cdebconf-gtk-udeb_0.185_amd64.udeb' cdebconf-gtk-udeb_0.185_amd64.udeb 27278 MD5Sum:a1bbbc1d4fb8e0615b5621abac021924
'file:///tmp/aptarchive/pool/main/c/cdebconf/cdebconf-newt-udeb_0.185_amd64.udeb' cdebconf-newt-udeb_0.185_amd64.udeb 19192 MD5Sum:de27807f56dae2f2403b3322d5fe6bd2
'file:///tmp/aptarchive/pool/main/g/glib2.0/libglib2.0-udeb_2.36.4-1_amd64.udeb' libglib2.0-udeb_2.36.4-1_amd64.udeb 1714604 MD5Sum:72da029f1bbb36057d874f1f82a5d00a
'file:///tmp/aptarchive/pool/main/e/eglibc/libc6-udeb_2.17-92+b1_amd64.udeb' libc6-udeb_2.17-92+b1_amd64.udeb 1056000 MD5Sum:7fd7032eeeecf7f76eff79a0543fbd72
'file:///tmp/aptarchive/pool/main/g/gtk+2.0/libgtk2.0-0-udeb_2.24.20-1_amd64.udeb' libgtk2.0-0-udeb_2.24.20-1_amd64.udeb 1643046 MD5Sum:25513478eb2e02e5766c0eea0b411ca9
'file:///tmp/aptarchive/pool/main/v/vte/libvte9-udeb_0.28.2-5_amd64.udeb' libvte9-udeb_1%3a0.28.2-5_amd64.udeb 216968 MD5Sum:7da7201effaf5ced19abd9d0b45aa2c6
'file:///tmp/aptarchive/pool/main/c/cdebconf-terminal/cdebconf-gtk-terminal_0.22_amd64.udeb' cdebconf-gtk-terminal_0.22_amd64.udeb 14734 MD5Sum:f9c3a7354560cb88e0396e2b7ba54363
'file:///tmp/aptarchive/pool/main/c/cdebconf-terminal/cdebconf-newt-terminal_0.22_amd64.udeb' cdebconf-newt-terminal_0.22_amd64.udeb 4538 MD5Sum:20db6152fce5081fcbf49c7c08f21246"

Loading…
Cancel
Save