dpkg-deb: Do not accept deb packages with data and control members swapped

This is not allowed by the format defined in deb(5), but dpkg-deb has been very lenient all this time. Enforce the correct format by erroring out in case of misplaced members.
author: Guillem Jover <guillem@debian.org> 2013-08-06 22:22:35 +0200
committer: Guillem Jover <guillem@debian.org> 2013-08-10 20:12:53 +0200
commit: 547dca4c3ff23df5dfa554f1943b371cd7056ee4 (patch)
tree: 9d213802213e6e6325a0bb52fed4659b2c23d397 /dpkg-deb/extract.c
parent: cb8ed03bbffe892165620ed1ddf753a6b0c1ee62 (diff)
download: dpkg-547dca4c3ff23df5dfa554f1943b371cd7056ee4.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/dpkg-deb/extract.c b/dpkg-deb/extract.c
index 60fff76b9..066a78673 100644
--- a/dpkg-deb/extract.c
+++ b/dpkg-deb/extract.c
@@ -120,7 +120,7 @@ extracthalf(const char *debar, const char *dir,
   int arfd;
   struct stat stab;
   char nlc;
-  int adminmember;
+  int adminmember = -1;
   bool header_done;
   enum compressor_type decompressor = compressor_type_gzip;
 
@@ -181,6 +181,11 @@ extracthalf(const char *debar, const char *dir,
 	if (strncmp(arh.ar_name, ADMINMEMBER, sizeof(arh.ar_name)) == 0)
 	  adminmember = 1;
 	else {
+          if (adminmember != 1)
+            ohshit(_("archive '%s' has premature member '%.*s' before '%s', "
+                     "giving up"),
+                   debar, (int)sizeof(arh.ar_name), arh.ar_name, ADMINMEMBER);
+
 	  if (strncmp(arh.ar_name, DATAMEMBER, strlen(DATAMEMBER)) == 0) {
 	    const char *extension = arh.ar_name + strlen(DATAMEMBER);
author	Guillem Jover <guillem@debian.org>	2013-08-06 22:22:35 +0200
committer	Guillem Jover <guillem@debian.org>	2013-08-10 20:12:53 +0200
commit	547dca4c3ff23df5dfa554f1943b371cd7056ee4 (patch)
tree	9d213802213e6e6325a0bb52fed4659b2c23d397 /dpkg-deb/extract.c
parent	cb8ed03bbffe892165620ed1ddf753a6b0c1ee62 (diff)
download	dpkg-547dca4c3ff23df5dfa554f1943b371cd7056ee4.tar.gz