[libhif/f21] Do not crash when trying to parse pathological files
Richard Hughes
rhughes at fedoraproject.org
Wed Nov 26 10:49:03 UTC 2014
commit a550d0e43423fd0d78ed710623d67048076fbffc
Author: Richard Hughes <richard at hughsie.com>
Date: Wed Nov 26 10:37:45 2014 +0000
Do not crash when trying to parse pathological files
...rash-when-parsing-the-bumblebee.repo-file.patch | 76 ++++++++++++++++++++
libhif.spec | 10 +++-
2 files changed, 85 insertions(+), 1 deletions(-)
---
diff --git a/0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch b/0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch
new file mode 100644
index 0000000..6bd36ef
--- /dev/null
+++ b/0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch
@@ -0,0 +1,76 @@
+From 4800a28e3ed1ede1ee587bd5f293c62a519a8c06 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard at hughsie.com>
+Date: Wed, 26 Nov 2014 10:30:26 +0000
+Subject: [PATCH] Fix crash when parsing the bumblebee.repo file
+
+For some unknown reason, the sole baseurl address is on a new line. Accept this
+as valid by fixing the data before it gets parsed as a GKeyFile.
+
+Also add a self test to catch this kind of problem in the future.
+
+Resolves: https://github.com/hughsie/libhif/issues/11
+---
+ data/tests/Makefile.am | 3 ++-
+ data/tests/yum.repos.d/bumblebee.repo | 18 ++++++++++++++++++
+ libhif/hif-repos.c | 24 +++++++++++++++++-------
+ libhif/hif-self-test.c | 31 +++++++++++++++++++++++++++++--
+ libhif/hif-source.c | 2 +-
+ 5 files changed, 67 insertions(+), 11 deletions(-)
+ create mode 100644 data/tests/yum.repos.d/bumblebee.repo
+
+diff --git a/libhif/hif-repos.c b/libhif/hif-repos.c
+index af41cc3..9f22a83 100644
+--- a/libhif/hif-repos.c
++++ b/libhif/hif-repos.c
+@@ -280,18 +280,28 @@ hif_repos_load_multiline_key_file (const gchar *filename, GError **error)
+ string = g_string_new ("");
+ lines = g_strsplit (data, "\n", -1);
+ for (i = 0; lines[i] != NULL; i++) {
++
++ /* convert tabs to spaces */
++ g_strdelimit (lines[i], "\t", ' ');
++
+ /* if a line starts with whitespace, then append it on
+ * the previous line */
+- g_strdelimit (lines[i], "\t", ' ');
+ if (lines[i][0] == ' ' && string->len > 0) {
++
++ /* remove old newline from previous line */
+ g_string_set_size (string, string->len - 1);
+- g_string_append_printf (string,
+- ";%s\n",
+- g_strchug (lines[i]));
++
++ /* whitespace strip this new line */
++ g_strchug (lines[i]);
++
++ /* only add a ';' if we have anything after the '=' */
++ if (string->str[string->len - 1] == '=') {
++ g_string_append_printf (string, "%s\n", lines[i]);
++ } else {
++ g_string_append_printf (string, ";%s\n", lines[i]);
++ }
+ } else {
+- g_string_append_printf (string,
+- "%s\n",
+- lines[i]);
++ g_string_append_printf (string, "%s\n", lines[i]);
+ }
+ }
+
+diff --git a/libhif/hif-source.c b/libhif/hif-source.c
+index 90c4097..1634969 100644
+--- a/libhif/hif-source.c
++++ b/libhif/hif-source.c
+@@ -383,7 +383,7 @@ hif_source_is_local (HifSource *source)
+ if (baseurls != NULL && baseurls[0] != NULL) {
+ _cleanup_free_ gchar *url = NULL;
+ url = lr_prepend_url_protocol (baseurls[0]);
+- if (strncasecmp (url, "file://", 7) == 0)
++ if (url != NULL && strncasecmp (url, "file://", 7) == 0)
+ return TRUE;
+ }
+ }
+--
+2.1.0
+
diff --git a/libhif.spec b/libhif.spec
index 8190862..d01c322 100644
--- a/libhif.spec
+++ b/libhif.spec
@@ -1,11 +1,14 @@
Summary: Simple package library built on top of hawkey and librepo
Name: libhif
Version: 0.1.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: LGPLv2+
URL: https://github.com/hughsie/libhif
Source0: http://people.freedesktop.org/~hughsient/releases/libhif-%{version}.tar.xz
+# already upstream
+Patch0: 0001-Fix-crash-when-parsing-the-bumblebee.repo-file.patch
+
BuildRequires: glib2-devel >= 2.16.1
BuildRequires: libtool
BuildRequires: docbook-utils
@@ -29,6 +32,7 @@ GLib headers and libraries for libhif.
%prep
%setup -q
+%patch0 -p1 -b .fix-bumblebee
%build
%configure \
@@ -61,6 +65,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libhif*.la
%{_datadir}/gir-1.0/*.gir
%changelog
+* Wed Nov 26 2014 Richard Hughes <richard at hughsie.com> 0.1.6-2
+- Do not crash when trying to parse pathological files like bumblebee.repo
+- Resolves: #1164330
+
* Mon Nov 11 2014 Richard Hughes <richard at hughsie.com> 0.1.6-1
- Update to new upstream version
- Add support for package reinstallation and downgrade
More information about the scm-commits
mailing list