Your message dated Sun, 14 Apr 2019 11:19:08 +0200
with message-id <20190414091908.ox5j7navzgshcprd@crossbow>
and subject line Re: Bug#926969: libapt-pkg: SetSignedBy can attempt to access index -1 in an array
has caused the Debian Bug report #926969,
regarding libapt-pkg: SetSignedBy can attempt to access index -1 in an array
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
926969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926969
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libapt-pkg: SetSignedBy can attempt to access index -1 in an array
- From: Sam Bingner <sam@bingner.com>
Package: libapt-pkg5.0
Version: 1.4.9
Severity: normal
Tags: patch

Dear Maintainer,

In troubleshooting of another problem I found an invalid memory access testing with ASAN. Attached is a patch to ensure this does not happen.

-- System Information:
Debian Release: 9.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libapt-pkg5.0 depends on:
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.24-11+deb9u3
ii libgcc1 1:6.3.0-18+deb9u1
ii liblz4-1 0.0~r131-2+b1
ii liblzma5 5.2.2-1.2+b1
ii libstdc++6 6.3.0-18+deb9u1
ii zlib1g 1:1.2.8.dfsg-5

Versions of packages libapt-pkg5.0 recommends:
ii apt 1.4.9

libapt-pkg5.0 suggests no packages.

-- no debconf information

commit 706e8fe6cb93323e6b03c662aaced03a36db3574 Author: Sam Bingner <sam@bingner.com> Date: Thu Apr 11 13:31:14 2019 -1000 Don't access invalid string indexes diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index f25906fba..610965024 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc
@@ -682,13 +682,13 @@ bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy) SignedBy = os.str(); } // Normalize the string: Remove trailing commas - while (SignedBy[SignedBy.size() - 1] == ',') + while (SignedBy.size() > 0 && SignedBy[SignedBy.size() - 1] == ',') SignedBy.resize(SignedBy.size() - 1); } else { // Only compare normalized strings auto pSignedByView = APT::StringView(pSignedBy); - while (pSignedByView[pSignedByView.size() - 1] == ',') + while (pSignedByView.size() > 0 && pSignedByView[pSignedByView.size() - 1] == ',') pSignedByView = pSignedByView.substr(0, pSignedByView.size() - 1); if (pSignedByView != SignedBy) return _error->Error(_("Conflicting values set for option %s regarding source %s %s: %s != %s"), "Signed-By", URI.c_str(), Dist.c_str(), SignedBy.c_str(), pSignedByView.to_string().c_str());
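Review bot: the two guarded `while` conditions repeat the same trailing-comma test, once on `SignedBy` and once on `pSignedByView`, so the normalization now lives in two hand-written copies that can drift apart; consider one small helper that both branches call. Because `size()` is unsigned, `size() - 1` on an empty value wraps to the largest index rather than -1, and the same happens once a comma-only value has been trimmed down to nothing, so a short comment naming both inputs (empty and comma-only) next to the guard, plus a regression test feeding an empty and a `","` Signed-By value, would document why the check is there.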
--- End Message ---
--- Begin Message ---
- To: Sam Bingner <sam@bingner.com>, 926969-done@bugs.debian.org
- Subject: Re: Bug#926969: libapt-pkg: SetSignedBy can attempt to access index -1 in an array
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Sun, 14 Apr 2019 11:19:08 +0200
- Message-id: <20190414091908.ox5j7navzgshcprd@crossbow>
Version: 1.8.0~alpha1

Hi Sam,

thanks for the patch!

The issue was fixed in 1.8.0~alpha1 while introducing support for subkeys, specifically in git commit ff8fa4ab4b80384a9240f0df63181f71077a8d83. I am therefore closing this bug for newer versions.

I don't think it is problematic enough to warrant backporting or do you have a specific situation in mind in which this is a huge pain?

Regarding the patch itself I think "not foo.empty()" would be better than "foo.size() > 0". Better still might be using APT::String::Endswith. (Can't wait for C++20 finally adding starts/ends_with. It is usually the first helper function I am adding to new projects…)

Best regards

David Kalnischkies

P.S.: For some reason this bugreport did not end up on the mailinglist. I only saw it as new bugreports are announced on our IRC channel by the BTS bot. It seems not to be refused as spam outright, although MISSING_DATE among other things is probably hurting. Listmasters might be able to tell you what happened to your mail exactly.

Attachment: signature.asc
Description: PGP signature
--- End Message ---
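
The empty-string guard discussed in this thread, as an added example that is not part of the original messages and is not APT's code: a trailing-comma normalization that never forms the index `size() - 1` on an empty string, in both a search-based and a loop form. The names `normalized_length`, `strip_trailing_commas`, `strip_trailing_commas_loop` and `same_signed_by` are hypothetical, and the sample values are constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper: length of s once trailing commas are dropped.
// find_last_not_of returns npos for "" and for comma-only input, so neither
// case ever forms the index size() - 1 on an empty string.
std::size_t normalized_length(const std::string &s) {
    const std::size_t last = s.find_last_not_of(',');
    return last == std::string::npos ? 0 : last + 1;
}

// In-place normalization, the counterpart of the first branch of the patch.
void strip_trailing_commas(std::string &s) {
    s.resize(normalized_length(s));
}

// The loop form with the guard written as !empty(), as the reply suggests.
void strip_trailing_commas_loop(std::string &s) {
    while (!s.empty() && s.back() == ',')
        s.pop_back();
}

// Compare two values in normalized form without copying either one,
// the counterpart of the second (compare-only) branch of the patch.
bool same_signed_by(const std::string &a, const std::string &b) {
    return a.compare(0, normalized_length(a), b, 0, normalized_length(b)) == 0;
}

int main() {
    // Constructed sample values; the empty and comma-only ones are the inputs
    // for which an unguarded s[s.size() - 1] reads out of bounds.
    const char *samples[] = {"", ",", ",,,", "ABCD1234,", "ABCD1234,,EF56,,"};
    for (const char *raw : samples) {
        std::string s(raw);
        strip_trailing_commas(s);
        std::cout << '"' << raw << "\" -> \"" << s << "\"\n";
    }
    std::cout << std::boolalpha
              << same_signed_by("ABCD1234,", "ABCD1234") << ' '
              << same_signed_by("", ",") << ' '
              << same_signed_by("ABCD1234", "EF56") << '\n';
    return 0;
}
```

Building this with `-fsanitize=address` and swapping in the unguarded loop from the `-` lines of the patch reproduces the kind of report the submitter describes, for the empty and the comma-only samples alike.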