[libhif/f21] Do not crash when trying to parse pathological files

Richard Hughes rhughes at fedoraproject.org
Wed Nov 26 10:49:03 UTC 2014 

commit a550d0e43423fd0d78ed710623d67048076fbffc
Author: Richard Hughes <richard at hughsie.com>
Date:   Wed Nov 26 10:37:45 2014 +0000

    Do not crash when trying to parse pathological files

 ...rash-when-parsing-the-bumblebee.repo-file.patch |   76 ++++++++++++++++++++
 libhif.spec                                        |   10 +++-
 2 files changed, 85 insertions(+), 1 deletions(-)
---
diff --git a/0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch b/0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch
new file mode 100644
index 0000000..6bd36ef
--- /dev/null
+++ b/0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch
@@ -0,0 +1,76 @@
+From 4800a28e3ed1ede1ee587bd5f293c62a519a8c06 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard at hughsie.com>
+Date: Wed, 26 Nov 2014 10:30:26 +0000
+Subject: [PATCH] Fix crash when parsing the bumblebee.repo file
+
+For some unknown reason, the sole baseurl address is on a new line. Accept this
+as valid by fixing the data before it gets parsed as a GKeyFile.
+
+Also add a self test to catch this kind of problem in the future.
+
+Resolves: https://github.com/hughsie/libhif/issues/11
+---
+ data/tests/Makefile.am                |  3 ++-
+ data/tests/yum.repos.d/bumblebee.repo | 18 ++++++++++++++++++
+ libhif/hif-repos.c                    | 24 +++++++++++++++++-------
+ libhif/hif-self-test.c                | 31 +++++++++++++++++++++++++++++--
+ libhif/hif-source.c                   |  2 +-
+ 5 files changed, 67 insertions(+), 11 deletions(-)
+ create mode 100644 data/tests/yum.repos.d/bumblebee.repo
+
+diff --git a/libhif/hif-repos.c b/libhif/hif-repos.c
+index af41cc3..9f22a83 100644
+--- a/libhif/hif-repos.c
++++ b/libhif/hif-repos.c
+@@ -280,18 +280,28 @@ hif_repos_load_multiline_key_file (const gchar *filename, GError **error)
+ 	string = g_string_new ("");
+ 	lines = g_strsplit (data, "\n", -1);
+ 	for (i = 0; lines[i] != NULL; i++) {
++
++		/* convert tabs to spaces */
++		g_strdelimit (lines[i], "\t", ' ');
++
+ 		/* if a line starts with whitespace, then append it on
+ 		 * the previous line */
+-		g_strdelimit (lines[i], "\t", ' ');
+ 		if (lines[i][0] == ' ' && string->len > 0) {
++
++			/* remove old newline from previous line */
+ 			g_string_set_size (string, string->len - 1);
+-			g_string_append_printf (string,
+-						";%s\n",
+-						g_strchug (lines[i]));
++
++			/* whitespace strip this new line */
++			g_strchug (lines[i]);
++
++			/* only add a ';' if we have anything after the '=' */
++			if (string->str[string->len - 1] == '=') {
++				g_string_append_printf (string, "%s\n", lines[i]);
++			} else {
++				g_string_append_printf (string, ";%s\n", lines[i]);
++			}
+ 		} else {
+-			g_string_append_printf (string,
+-						"%s\n",
+-						lines[i]);
++			g_string_append_printf (string, "%s\n", lines[i]);
+ 		}
+ 	}
+ 
+diff --git a/libhif/hif-source.c b/libhif/hif-source.c
+index 90c4097..1634969 100644
+--- a/libhif/hif-source.c
++++ b/libhif/hif-source.c
+@@ -383,7 +383,7 @@ hif_source_is_local (HifSource *source)
+ 		if (baseurls != NULL && baseurls[0] != NULL) {
+ 			_cleanup_free_ gchar *url = NULL;
+ 			url = lr_prepend_url_protocol (baseurls[0]);
+-			if (strncasecmp (url, "file://", 7) == 0)
++			if (url != NULL && strncasecmp (url, "file://", 7) == 0)
+ 				return TRUE;
+ 		}
+ 	}
+-- 
+2.1.0
+
diff --git a/libhif.spec b/libhif.spec
index 8190862..d01c322 100644
--- a/libhif.spec
+++ b/libhif.spec
@@ -1,11 +1,14 @@
 Summary:   Simple package library built on top of hawkey and librepo
 Name:      libhif
 Version:   0.1.6
-Release:   1%{?dist}
+Release:   2%{?dist}
 License:   LGPLv2+
 URL:       https://github.com/hughsie/libhif
 Source0:   http://people.freedesktop.org/~hughsient/releases/libhif-%{version}.tar.xz
 
+# already upstream
+Patch0:    0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch
+
 BuildRequires: glib2-devel >= 2.16.1
 BuildRequires: libtool
 BuildRequires: docbook-utils
@@ -29,6 +32,7 @@ GLib headers and libraries for libhif.
 
 %prep
 %setup -q
+%patch0 -p1 -b .fix-bumblebee
 
 %build
 %configure \
@@ -61,6 +65,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libhif*.la
 %{_datadir}/gir-1.0/*.gir
 
 %changelog
+* Wed Nov 26 2014 Richard Hughes <richard at hughsie.com> 0.1.6-2
+- Do not crash when trying to parse pathological files like bumblebee.repo
+- Resolves: #1164330
+
 * Mon Nov 11 2014 Richard Hughes <richard at hughsie.com> 0.1.6-1
 - Update to new upstream version
 - Add support for package reinstallation and downgrade

More information about the scm-commits mailing list