authorGuillem Jover <guillem@debian.org>2013-09-19 19:28:49 +0200
committerGuillem Jover <guillem@debian.org>2013-12-05 04:56:10 +0100
commitbb53fa0defe392d55ae7b7f49bb28d9e647acb9c (patch)
treea8ccb0bcd2a14b06cb7b037d008ad6c79f764659
parenteecc61381b687a7ed6af65427e115dd4d2c765b6 (diff)
downloaddpkg-bb53fa0defe392d55ae7b7f49bb28d9e647acb9c.tar.gz
Do not accept an initial hyphen in field names
Accepting such field names as valid would make the parsers accept control stanzas that have not been properly sanitized from OpenPGP dash-escaping. Just refuse these field names, as there's really no reason to accept them.
-rw-r--r--debian/changelog1
-rw-r--r--lib/dpkg/parse.c3
-rw-r--r--scripts/Dpkg/Control/HashCore.pm3
3 files changed, 7 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 34935b603..aba5303ba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -108,6 +108,7 @@ dpkg (1.17.2) UNRELEASED; urgency=low
then reinstalled as a new version, to get removed again when revisiting
the array in a subsequent package processing. Closes: #726112
* Do not accept empty field names in dpkg.
+ * Do not accept an initial hyphen in field names.
[ Updated programs translations ]
* German (Sven Joachim).
diff --git a/lib/dpkg/parse.c b/lib/dpkg/parse.c
index 6358c0586..76fd84b89 100644
--- a/lib/dpkg/parse.c
+++ b/lib/dpkg/parse.c
@@ -583,6 +583,9 @@ parse_stanza(struct parsedb_state *ps, struct field_state *fs,
fs->fieldlen = ps->dataptr - fs->fieldstart - 1;
if (fs->fieldlen == 0)
parse_error(ps, _("empty field name"));
+ if (fs->fieldstart[0] == '-')
+ parse_error(ps, _("field name '%.*s' cannot start with hyphen"),
+ fs->fieldlen, fs->fieldstart);
/* Skip spaces before ‘:’. */
while (!parse_EOF(ps) && c != '\n' && isspace(c))
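Review bot: The new check at `if (fs->fieldstart[0] == '-')` has no comment saying why a leading hyphen is refused, so the security rationale (stanzas still carrying OpenPGP dash-escaping) lives only in the commit message. I would put `/* A leading '-' may be left-over OpenPGP dash-escaping; refuse it. */` directly above the test, so a later cleanup does not drop it as an arbitrary restriction. The message also echoes the rejected name through `%.*s`, which takes an `int` precision; the declared type of `fs->fieldlen` is not visible in this hunk, so confirm it is `int` or pass `(int)fs->fieldlen`. parse_stanza starts and ends outside the hunk.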
diff --git a/scripts/Dpkg/Control/HashCore.pm b/scripts/Dpkg/Control/HashCore.pm
index ffb87c1d7..8a5d6e33d 100644
--- a/scripts/Dpkg/Control/HashCore.pm
+++ b/scripts/Dpkg/Control/HashCore.pm
@@ -194,6 +194,9 @@ sub parse {
$paraborder = 0;
if (m/^(\S+?)\s*:\s*(.*)$/) {
$parabody = 1;
+ if ($1 =~ m/^-/) {
+ $self->parse_error($desc, _g('field cannot start with a hyphen'));
+ }
if (exists $self->{$1}) {
unless ($$self->{allow_duplicate}) {
$self->parse_error($desc, _g('duplicate field %s found'), $1);
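Review bot: The hyphen test `$1 =~ m/^-/` runs a second pattern match while the captures from the field regex are still needed by `exists $self->{$1}` and the lines after it. A failed match leaves `$1` and `$2` untouched, so the code works, but only as long as `parse_error` never returns after the match succeeds (presumably it dies; that is not visible here). Copying the captures first with `my ($name, $value) = ($1, $2);` and testing `$name =~ m/^-/` removes that dependency, although the later uses of `$1`/`$2` outside this hunk would then need to switch to the lexicals. The message could also name the offending field, as the C parser's message does. `sub parse` starts and ends outside the hunk.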