authorTimo Teräs <timo.teras@iki.fi>2021-02-04 22:28:23 +0200
committerTimo Teräs <timo.teras@iki.fi>2021-02-07 15:31:41 +0200
commitc1594f60770483625891541375a074fe07338401 (patch)
treea3c5560574f370a67e00034a6b750ee0766341d4 /src/apk_defines.h
parent77adfc5e67c7a8489705d497bf11568b6c7f3b31 (diff)
db: consider control characters in filename as malicious
Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardens the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it. Reported-by: Luca Weiss <luca@z3ntu.xyz>
Diffstat (limited to 'src/apk_defines.h')
-rw-r--r--src/apk_defines.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/apk_defines.h b/src/apk_defines.h
index 8e46afa..e4f247a 100644
--- a/src/apk_defines.h
+++ b/src/apk_defines.h
@@ -35,6 +35,8 @@
#define EAPKBADURL 1024
#define EAPKSTALEINDEX 1025
#define EAPKFORMAT 1026
+#define EAPKDEPFORMAT 1027
+#define EAPKDBFORMAT 1028
static inline void *ERR_PTR(long error) { return (void*) error; }
static inline void *ERR_CAST(const void *ptr) { return (void*) ptr; }
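Review bot: The two added codes `EAPKDEPFORMAT` and `EAPKDBFORMAT` sit next to the existing `EAPKFORMAT` with no comment saying which failure each one reports, so a caller cannot tell from the header which to return or test for. Going by the commit message, `EAPKDBFORMAT` is the corrupt-database case; I would document it as `/* installed database is corrupt or malformed */`. `EAPKDEPFORMAT` presumably covers a malformed dependency specification, which the author should confirm before adding the matching comment. Only this header is shown in the limited diff, so it is not visible whether the error-to-message lookup gained entries for 1027 and 1028. If it did not, a database rejected for control characters would surface as an unknown error rather than as a clear corruption report, which is worth checking.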