I can reproduce this issue with attached deb file. I add testuser (uid=2097152(010000000)) and create this deb file using dpkg-deb as testuser. When I put it to current directory and run "apt-ftparchive packages .", it makes the same error. Next, I create another deb file as my account(uid=1002) and run apt-ftparchive. no error. All of process is performed in one client. It seems that the numeric fields of tar header have the possibility to store 256bit encoding value. I also attach patch for apt 0.8.10.
Attachment:
test-package_1.0.deb
Description: application/debian-package
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: nobuhiro.hayashi@gmail.com-20101203030909-\
# 5jszx42h2mgb4tkn
# target_branch: nosmart+http://bzr.debian.org/apt/apt/debian-sid/
# testament_sha1: 213067bba94c2969f10b788e9a028a913319b871
# timestamp: 2010-12-03 12:18:32 +0900
# base_revision_id: mvo@debian.org-20101130102328-t3e3ey1zmajl0ef6
#
# Begin patch
=== modified file 'apt-inst/contrib/extracttar.cc'
--- apt-inst/contrib/extracttar.cc 2010-06-09 09:51:21 +0000
+++ apt-inst/contrib/extracttar.cc 2010-12-03 03:09:09 +0000
@@ -195,10 +195,14 @@
// Decode all of the fields
pkgDirStream::Item Itm;
if (StrToNum(Tar->Mode,Itm.Mode,sizeof(Tar->Mode),8) == false ||
- StrToNum(Tar->UserID,Itm.UID,sizeof(Tar->UserID),8) == false ||
- StrToNum(Tar->GroupID,Itm.GID,sizeof(Tar->GroupID),8) == false ||
- StrToNum(Tar->Size,Itm.Size,sizeof(Tar->Size),8) == false ||
- StrToNum(Tar->MTime,Itm.MTime,sizeof(Tar->MTime),8) == false ||
+ (Base256ToNum(Tar->UserID,Itm.UID,8) == false &&
+ StrToNum(Tar->UserID,Itm.UID,sizeof(Tar->UserID),8) == false) ||
+ (Base256ToNum(Tar->GroupID,Itm.GID,8) == false &&
+ StrToNum(Tar->GroupID,Itm.GID,sizeof(Tar->GroupID),8) == false) ||
+ (Base256ToNum(Tar->Size,Itm.Size,12) == false &&
+ StrToNum(Tar->Size,Itm.Size,sizeof(Tar->Size),8) == false) ||
+ (Base256ToNum(Tar->MTime,Itm.MTime,12) == false &&
+ StrToNum(Tar->MTime,Itm.MTime,sizeof(Tar->MTime),8) == false) ||
StrToNum(Tar->Major,Itm.Major,sizeof(Tar->Major),8) == false ||
StrToNum(Tar->Minor,Itm.Minor,sizeof(Tar->Minor),8) == false)
return _error->Error(_("Corrupted archive"));
=== modified file 'apt-pkg/contrib/strutl.cc'
--- apt-pkg/contrib/strutl.cc 2010-09-28 15:27:44 +0000
+++ apt-pkg/contrib/strutl.cc 2010-12-03 03:09:09 +0000
@@ -968,6 +968,24 @@
return true;
}
/*}}}*/
+// Base256ToNum - Convert a fixed length binary to a number /*{{{*/
+// ---------------------------------------------------------------------
+/* This is used in decoding the 256bit encoded fixed length fields in
+ tar files */
+bool Base256ToNum(const char *Str,unsigned long &Res,unsigned Len)
+{
+ int i;
+ if ((Str[0] & 0x80) == 0)
+ return false;
+ else
+ {
+ Res = Str[0] & 0x7F;
+ for(i=1; i<Len; i++)
+ Res = (Res<<8) + Str[i];
+ return true;
+ }
+}
+ /*}}}*/
// HexDigit - Convert a hex character into an integer /*{{{*/
// ---------------------------------------------------------------------
/* Helper for Hex2Num */
=== modified file 'apt-pkg/contrib/strutl.h'
--- apt-pkg/contrib/strutl.h 2010-06-09 11:15:34 +0000
+++ apt-pkg/contrib/strutl.h 2010-12-03 03:09:09 +0000
@@ -52,6 +52,7 @@
int StringToBool(const string &Text,int Default = -1);
bool ReadMessages(int Fd, vector<string> &List);
bool StrToNum(const char *Str,unsigned long &Res,unsigned Len,unsigned Base = 0);
+bool Base256ToNum(const char *Str,unsigned long &Res,unsigned Len);
bool Hex2Num(const string &Str,unsigned char *Num,unsigned int Length);
bool TokSplitString(char Tok,char *Input,char **List,
unsigned long ListMax);
# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWRtLgngAA4dfgHMwUX///3/n
Xgq////+YAbvvLtugAFaXYaAAADFKanmqZpDExoBNqZBgEGCMgyZGhieoNKnojE9TTQaaeoNABoA
AGgAAABwDCMJpiGAQDIAYRpkyYRgIaCU1E1IyPTU9TaBB6mmEBpkGgGgNNBoAHAMIwmmIYBAMgBh
GmTJhGAhoJJBGgATQCGgjDU0U/0hTGJA/STRkD8qZQ0APIhFpDIpAEFCkoYlXVDXrFMtiegS4zDG
Dj3pG76puFi6m6hlm2Ps7L3QpnnSUpxnSxljog6rTqEI1hQwZkM8bGVQ8TyycFT3pEftW2wytWZJ
CQlRntkbfFCOxE9J4rGnCeIiKEQ8JTSYJMxhvbRLgwSwXqiY1ncpAQ1TZrb+tn7bvSPGxrdMil8o
QCT1TNCiAuhiTnC4MGCxn6qiAHlRtlyE22UZoGI6a5djvkjoIgZVCRACgAwBcZswzjEC5bMBISEg
1IqVq9Gnq+JidjGlD2+7lSnjU98iR0Aw4GTDcC0nO4vXYmEbhEQLlG0uiXMLtZ11MZenqOyQALbU
TuCJNskPlguGAXr/4OMw+kvHang9fFYzJJnCwfpc7R49SDWtZrHoCCgAOEOEeBJA/3nsLCA8kInE
OHvYYoFSFP7lKDr2KRXak5o1j0g99bl4FX5/UgIuiHk6XLRTs+1arhqHlBE+QTLCaa80mx9hegnh
2bTMuIw8rQrKwcZFo0jnVE1Nxagh3ADxDnoHXj9hrXxeXYm/WBCgIGvInWDiIE48gXF4jvEfODyO
clcCKi82m+tRKJp2ZWjF+Q4kxeYF6crSu+utz3NwlGMxGgHFwO9BDFrSplwJFBtJprAxQX2fUoKM
REr8KM4NSQNBUKDPMKjodkOxpe95bJMBWWWU10jgqJjcIhqeMMRrtMiszGMDCJSs0XjkpDVjFpdB
rHDhxfhaRLSdpSIEIlpkdb4JFqNUxSS3a8pXt2dYpKnIdoOdjSazAvImhxoM9ciNRhQZ4UmI4167
zApKp9Vl1+IiisckRGhTIkQmJXj78IwLrmd6Tmo+Di5MlWKhk5WQvtHCiiMAcoLuH3zP9KqyYQTa
NJVpbahcJ8kJ3WkAN8kPvhjCu1iy1MOGFXQg2/BeF7nzvJN2iewvio8UHkqp2ESGdMwUagkmQqfS
CMi8xiFrhLLQrWMv04ePfhAic1yCVDDOQac0iHz+/9DKdBGTDfkfcK5mYE3+UcTFmZmZicknrib+
AuInoPYLj/A2oIqZfNBdYMhopISiBrpcEmZ16huQGmHgchIYTEUy+EheCBjDgTHz8YKhqUyFwscK
BgRQoCuERaCAbddIHrtDZFClOgpIFnoCdvF4rIRJBTzb/sk4Fgof6sSI7jUZHWeYjgZEBjpzNdu4
3hHhGv5HLeg5AvMggfWVdwz0H7oMjib6Ow3PEE6wOzN8TRQkibxJu8ig/q2zJl9MipEENWIuKA1H
Ue7NX6y8LoOoSumYtvau54T76SEJQbYiAkK5VaK1TnkcZ8emtWB0m2zucr1AWBgiga2vxIELT38G
Tjea/9piwmXimSyD0Qbqh+VwZ/+o1hV6IuUysBUJd3MoR286OcfedpFhjkSOBpQSNhpN50BWEx8F
7U4XP+LlX+kFpWgRwA9gKoPyS1E5sPdhrEMkHABgekQLrYgu0F8qJdugUqNbjxikfrntBkHcgapA
2odd9EG8sOVnl1hOG8FOI0IkThbQLKiGPRB9QjJCdd3CMKmtOKJJd2C8hFWw0U7mxjpFmI5xuFQm
SGTu09VchxFBmNN0M8g5B1JYujSkwhkKkBl8AXvXQo1InB39uaB7BGZPuqogHuY6SRFp2Z6MCcIv
Xyg8IIGQsgnuhEeKN4OcM8negbH8cC1DKhBiE5RQJmSeVj1Dou0MkcF2JHr1pHSo01hOUkQFUL6o
GDPIpQRPXqK0X3i4py+L1ZFb9CwQYhp5+ZEweVAVUTzjaadiJ7BwJ7MJwDxXiLooPRB2OEcirjir
GT6VXOgaT0602grY3h5qZTsRTpMPXfIcQYiMN2kN6CIDVea1osCILs5wkIgvMKkVkRpC7BvARTz0
3DS+1i7ksEpDiK+gpay57OFPMOM6xxwEZn3AfSKpckFboQHEmR7cHGZAuP4m3CHWC6/BIoNwQNCt
qLqBpwsEe1dpy/bbxEfgdIu1aikCy1hyc7lQhRQv5LrnxEY+H/T9PUIBBvQh/8XckU4UJAbS4J4A