Bug 237308 - rpm2targz/rpm2targz-9.0.0.2g bug in searching for payload offset
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo's Team for Core System packages
Reported: 2008-09-10 11:47 UTC by Dmitry Karasik
Modified: 2008-09-17 11:13 UTC
Description Dmitry Karasik 2008-09-10 11:47:04 UTC
When searching for the payload offset and not finding it in the current buffer, the code attempts to move the last (MAGIC_SIZE - 1) bytes to the beginning of the buffer. However, the code for that is wrong. It reads:

    memmove(p, p + read_cnt - MAGIC_SIZE - 1, MAGIC_SIZE - 1);

but should be:

    memmove(p, p + left + read_cnt - MAGIC_SIZE + 1, MAGIC_SIZE - 1);
Comment 1 SpanKY gentoo-dev 2008-09-17 11:13:45 UTC
it also needs to be moved up above the left/offset update

i wrote a simple test script to brute force generate files with every offset possible from 0 to 30k ... seems to work for all of them now
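
The carry-over logic discussed in this bug, as an added example that is not rpm2targz's own code: a chunked magic search that moves the last (MAGIC_SIZE - 1) bytes to the front before updating the counters, plus a brute-force check over every offset in the spirit of the test mentioned in comment 1. The names `struct src`, `src_read`, `find_magic` and `count_misses`, the 64-byte buffer and the 4-byte magic value are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <string.h>

#define MAGIC_SIZE 4  /* assumption: 4-byte magic, a demo value */
#define BUF_SIZE 64   /* small on purpose so the magic often straddles two reads */
/* Constructed stand-in for fread(): hands out bytes from a memory buffer. */
struct src { const unsigned char *data; size_t len, pos; };

static size_t src_read(struct src *s, unsigned char *dst, size_t n)
{
    if (n > s->len - s->pos) n = s->len - s->pos;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Absolute offset of the first occurrence of magic in the stream, or -1. */
long find_magic(struct src *s, const unsigned char *magic)
{
    unsigned char p[BUF_SIZE];
    size_t left = 0, read_cnt, i;   /* left: bytes carried over from last pass */
    long offset = 0;                /* stream offset of p[0] */
    while ((read_cnt = src_read(s, p + left, BUF_SIZE - left)) > 0) {
        size_t have = left + read_cnt;
        for (i = 0; i + MAGIC_SIZE <= have; i++)
            if (memcmp(p + i, magic, MAGIC_SIZE) == 0)
                return offset + (long)i;
        if (have < MAGIC_SIZE) { left = have; continue; }  /* nothing to drop yet */
        /* Carry the tail first, using the old left, then update the counters. */
        memmove(p, p + left + read_cnt - MAGIC_SIZE + 1, MAGIC_SIZE - 1);
        offset += (long)(have - (MAGIC_SIZE - 1));
        left = MAGIC_SIZE - 1;
    }
    return -1;
}

/* Place the magic at every offset 0..max_off and count wrong answers. */
int count_misses(size_t max_off)
{
    static const unsigned char magic[MAGIC_SIZE] = { 0xde, 0xad, 0xbe, 0xef };
    static unsigned char data[4096];
    int misses = 0;
    for (size_t off = 0; off + MAGIC_SIZE <= sizeof data && off <= max_off; off++) {
        memset(data, 0xde, off);              /* filler repeats the magic's first byte */
        memcpy(data + off, magic, MAGIC_SIZE);
        struct src s = { data, off + MAGIC_SIZE, 0 };
        misses += find_magic(&s, magic) != (long)off;
    }
    return misses;
}
```

A magic that starts in one read and ends in the next is only found if the tail copy uses the pre-update `left` and `read_cnt`, which is why the `memmove` sits above the counter updates.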