author | Timo Teräs <timo.teras@iki.fi> | 2022-02-01 14:47:27 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2022-02-01 14:47:27 +0200 |
commit | 6df225eac38c07ca7fd7de8e59781508bc8ac12b (patch) | |
tree | 74c8c117a87d80f1d309de54ae9096a6ae1e6fce /src | |
parent | bd13e774de8e545f5326e0137ba0ed4291e3b721 (diff) | |
mkpkg, adb: validate version and dependency format
Fail if the package or dependency version format is not valid.
fixes #10807
Diffstat (limited to 'src')
-rw-r--r-- | src/adb.c | 4 | ||||
-rw-r--r-- | src/adb.h | 2 | ||||
-rw-r--r-- | src/apk_adb.c | 13 | ||||
-rw-r--r-- | src/apk_defines.h | 3 | ||||
-rw-r--r-- | src/app_mkpkg.c | 12 | ||||
-rw-r--r-- | src/print.c | 3 |
6 files changed, 26 insertions, 11 deletions
@@ -764,7 +764,7 @@ adb_val_t adb_w_fromstring(struct adb *db, const uint8_t *kind, apk_blob_t val)
 adb_wo_alloca(&obj, schema, db);
 if (!schema->fromstring) return ADB_ERROR(APKE_ADB_NO_FROMSTRING);
 r = schema->fromstring(&obj, val);
- if (r) return ADB_ERROR(r);
+ if (r) return ADB_ERROR(-r);
 return adb_w_obj(&obj);
 }
 default:
@@ -849,7 +849,7 @@ adb_val_t adb_w_arr(struct adb_obj *o)
 return __adb_w_obj(o, ADB_TYPE_ARRAY);
 }
-adb_val_t adb_wo_fromstring(struct adb_obj *o, apk_blob_t val)
+int adb_wo_fromstring(struct adb_obj *o, apk_blob_t val)
 {
 adb_wo_reset(o);
 return o->schema->fromstring(o, val);
@@ -213,7 +213,7 @@ void adb_wo_reset(struct adb_obj *);
 void adb_wo_resetdb(struct adb_obj *);
 adb_val_t adb_w_obj(struct adb_obj *);
 adb_val_t adb_w_arr(struct adb_obj *);
-adb_val_t adb_wo_fromstring(struct adb_obj *o, apk_blob_t);
+int adb_wo_fromstring(struct adb_obj *o, apk_blob_t);
 adb_val_t adb_wo_val(struct adb_obj *o, unsigned i, adb_val_t);
 adb_val_t adb_wo_val_fromstring(struct adb_obj *o, unsigned i, apk_blob_t);
 adb_val_t adb_wo_int(struct adb_obj *o, unsigned i, uint32_t);
diff --git a/src/apk_adb.c b/src/apk_adb.c
index c7fbdde..37206f0 100644
--- a/src/apk_adb.c
+++ b/src/apk_adb.c
@@ -116,6 +116,12 @@ const struct adb_object_schema schema_string_array = {
 .fields = ADB_ARRAY_ITEM(scalar_string),
 };
+static adb_val_t version_fromstring(struct adb *db, apk_blob_t val)
+{
+ if (!apk_version_validate(val)) return ADB_ERROR(APKE_PKGVERSION_FORMAT);
+ return adb_w_blob(db, val);
+}
+
 static int version_compare(struct adb *db1, adb_val_t v1, struct adb *db2, adb_val_t v2)
 {
 switch (apk_version_compare_blob(adb_r_blob(db1, v1), adb_r_blob(db2, v2))) {
@@ -128,7 +134,7 @@ static int version_compare(struct adb *db1, adb_val_t v1, struct adb *db2, adb_v
 static struct adb_scalar_schema scalar_version = {
 .kind = ADB_KIND_BLOB,
 .tostring = string_tostring,
- .fromstring = string_fromstring,
+ .fromstring = version_fromstring,
 .compare = version_compare,
 };
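Review bot: The negation in `ADB_ERROR(-r)` in adb_w_fromstring only works if every schema `fromstring` hook returns 0 or a negative `-APKE_*` value, and nothing at the call site states that contract. A hook that returned a positive code would now put a negated value into the error word. I would add `/* fromstring() returns 0 or -APKE_*; ADB_ERROR() takes the positive code */` above the check. The function body starts and ends outside the hunk.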
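Review bot: `version_fromstring` validates only on the string-to-ADB write path; the `version_compare` shown as context in the same hunk still passes `adb_r_blob()` results straight to `apk_version_compare_blob()`. A version blob read from an existing or externally supplied ADB is therefore not covered by this check, as far as the visible hunks show. A short comment on the new function would stop readers assuming every stored version is well-formed, e.g. `/* Validates on write only; blobs read from an existing ADB are not re-checked here. */`.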
@@ -327,7 +333,7 @@ static int dependency_fromstring(struct adb_obj *obj, apk_blob_t bdep)
 return 0;
 fail:
- return -APKE_ADB_DEPENDENCY_FORMAT;
+ return -APKE_DEPENDENCY_FORMAT;
 }
 static int dependency_cmp(const struct adb_obj *o1, const struct adb_obj *o2)
@@ -356,7 +362,8 @@ static int dependencies_fromstring(struct adb_obj *obj, apk_blob_t b)
 adb_wo_alloca(&dep, &schema_dependency, obj->db);
 while (apk_dep_split(&b, &bdep)) {
- adb_wo_fromstring(&dep, bdep);
+ int r = adb_wo_fromstring(&dep, bdep);
+ if (r) return r;
 adb_wa_append_obj(obj, &dep);
 }
diff --git a/src/apk_defines.h b/src/apk_defines.h
index 27f31ef..9cacf13 100644
--- a/src/apk_defines.h
+++ b/src/apk_defines.h
@@ -44,6 +44,8 @@ enum {
 APKE_SIGNATURE_UNTRUSTED,
 APKE_SIGNATURE_INVALID,
 APKE_FORMAT_NOT_SUPPORTED,
+ APKE_PKGVERSION_FORMAT,
+ APKE_DEPENDENCY_FORMAT,
 APKE_ADB_COMPRESSION,
 APKE_ADB_HEADER,
 APKE_ADB_VERSION,
@@ -52,7 +54,6 @@ enum {
 APKE_ADB_SIGNATURE,
 APKE_ADB_NO_FROMSTRING,
 APKE_ADB_LIMIT,
- APKE_ADB_DEPENDENCY_FORMAT,
 APKE_ADB_PACKAGE_FORMAT,
 APKE_V2DB_FORMAT,
 APKE_V2PKG_FORMAT,
diff --git a/src/app_mkpkg.c b/src/app_mkpkg.c
index 4e61066..afbc150 100644
--- a/src/app_mkpkg.c
+++ b/src/app_mkpkg.c
@@ -242,8 +242,8 @@ static int mkpkg_main(void *pctx, struct apk_ctx *ac, struct apk_string_array *a
 // prepare package info
 for (i = 0; i < ARRAY_SIZE(ctx->info); i++) {
- apk_blob_t val = ctx->info[i];
- if (APK_BLOB_IS_NULL(val)) {
+ apk_blob_t b = ctx->info[i];
+ if (APK_BLOB_IS_NULL(b)) {
 switch (i) {
 case ADBI_PI_NAME:
 case ADBI_PI_VERSION:
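Review bot: In dependencies_fromstring the parse result is now checked, but the result of `adb_wa_append_obj(obj, &dep)` on the following line is still discarded. The other writers declared in adb.h return `adb_val_t`, so this call presumably can report an error too (a schema limit, for example). If it can, a dependency list could be silently shortened while the caller sees success. Something like `adb_val_t v = adb_wa_append_obj(obj, &dep); if (ADB_IS_ERROR(v)) return -ADB_VAL_VALUE(v);` would close that gap, using the macros app_mkpkg.c already relies on. The function body starts and ends outside the hunk.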
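Review bot: Inserting `APKE_PKGVERSION_FORMAT` and `APKE_DEPENDENCY_FORMAT` ahead of `APKE_ADB_COMPRESSION` renumbers every enumerator after them, and the `@@ -52,7` hunk's removal of `APKE_ADB_DEPENDENCY_FORMAT` shifts the tail again. If these values ever leave the process as numbers (an exit status, or a library consumer built against the old header), an old number would now map to a different error. Either append new codes at the end of the enum, or state the contract next to it with a comment such as `/* APKE_* values are internal; numeric values may change between releases */`. The start of the enum is outside the hunk, so any explicit base value is not visible here.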
@@ -254,7 +254,13 @@ static int mkpkg_main(void *pctx, struct apk_ctx *ac, struct apk_string_array *a
 }
 continue;
 }
- adb_wo_val_fromstring(&pkgi, i, val);
+ adb_val_t val = adb_wo_val_fromstring(&pkgi, i, b);
+ if (ADB_IS_ERROR(val)) {
+ r = ADB_VAL_VALUE(val);
+ apk_err(out, "field '%s' has invalid value: %s",
+ schema_pkginfo.fields[i-1].name, apk_error_str(r));
+ goto err;
+ }
 }
 if (adb_ro_val(&pkgi, ADBI_PI_ARCH) == ADB_VAL_NULL)
 adb_wo_blob(&pkgi, ADBI_PI_ARCH, APK_BLOB_STRLIT(APK_DEFAULT_ARCH));
diff --git a/src/print.c b/src/print.c
index 187dcf4..4ffc536 100644
--- a/src/print.c
+++ b/src/print.c
@@ -39,6 +39,8 @@ const char *apk_error_str(int error)
 case APKE_SIGNATURE_UNTRUSTED: return "UNTRUSTED signature";
 case APKE_SIGNATURE_INVALID: return "BAD signature";
 case APKE_FORMAT_NOT_SUPPORTED: return "file format not supported (in this applet)";
+ case APKE_PKGVERSION_FORMAT: return "package version is invalid";
+ case APKE_DEPENDENCY_FORMAT: return "dependency format is invalid";
 case APKE_ADB_COMPRESSION: return "ADB compression not supported";
 case APKE_ADB_HEADER: return "ADB header error";
 case APKE_ADB_VERSION: return "incompatible ADB version";
@@ -47,7 +49,6 @@ const char *apk_error_str(int error)
 case APKE_ADB_SIGNATURE: return "ADB signature block error";
 case APKE_ADB_NO_FROMSTRING: return "ADB schema error (no fromstring)";
 case APKE_ADB_LIMIT: return "ADB schema limit reached";
- case APKE_ADB_DEPENDENCY_FORMAT: return "ADB dependency format";
 case APKE_ADB_PACKAGE_FORMAT: return "ADB package format";
 case APKE_V2DB_FORMAT: return "v2 database format error";
 case APKE_V2PKG_FORMAT: return "v2 package format error"; |
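Review bot: `schema_pkginfo.fields[i-1].name` in the new error path indexes before the start of the array when `i` is 0. The loop in the previous hunk starts at `i = 0`, so this is safe only if `ctx->info[0]` is never set, which the visible hunks do not show. Making that explicit costs one line, e.g. `const char *name = i ? schema_pkginfo.fields[i-1].name : "?";` and passing `name` to `apk_err`. Separately, `r = ADB_VAL_VALUE(val)` leaves `r` positive while the fromstring hooks in this commit return negative `-APKE_*` values, so it is worth confirming that the `err:` label, which is outside the hunk, treats both signs as failure.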