From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id AA72713997D for ; Wed, 13 Nov 2019 15:20:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DFCDFE0858; Wed, 13 Nov 2019 15:20:40 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7738CE0858 for ; Wed, 13 Nov 2019 15:20:40 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id F0BF434CD8F for ; Wed, 13 Nov 2019 15:20:38 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 49DA3824 for ; Wed, 13 Nov 2019 15:20:37 +0000 (UTC) 
From: "Fabian Groffen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Fabian Groffen" Message-ID: <1573658363.58aaf6e646f22e2f05599f54b13400812afa5a79.grobian@gentoo> Subject: [gentoo-commits] proj/portage-utils:master commit in: libq/ X-VCS-Repository: proj/portage-utils X-VCS-Files: libq/xpak.c X-VCS-Directories: libq/ X-VCS-Committer: grobian X-VCS-Committer-Name: Fabian Groffen X-VCS-Revision: 58aaf6e646f22e2f05599f54b13400812afa5a79 X-VCS-Branch: master Date: Wed, 13 Nov 2019 15:20:37 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 048813e4-4ad1-4d3f-ad90-6621613ad2da X-Archives-Hash: 5d4cb9bfdc61bfa9fefbaadc99819ca7 commit: 58aaf6e646f22e2f05599f54b13400812afa5a79 Author: Fabian Groffen gentoo org> AuthorDate: Wed Nov 13 15:19:23 2019 +0000 Commit: Fabian Groffen gentoo org> CommitDate: Wed Nov 13 15:19:23 2019 +0000 URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=58aaf6e6 libq/xpak: turn asserts into real error checks Using asserts to validate external data is a bad idea. Turn them into proper errors instead. Signed-off-by: Fabian Groffen gentoo.org> libq/xpak.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/libq/xpak.c b/libq/xpak.c index 2785899..ee989e4 100644 --- a/libq/xpak.c +++ b/libq/xpak.c @@ -11,7 +11,6 @@ #include #include #include -#include #include "basename.h" #include "copy_file.h" 
@@ -61,7 +60,9 @@ static void _xpak_walk_index(
 p = x->index;
 while ((p - x->index) < x->index_len) {
 pathname_len = READ_BE_INT32((unsigned char*)p);
- assert((size_t)pathname_len < sizeof(pathname));
+ if (pathname_len >= sizeof(pathname))
+ err("pathname length %d exceeds limit %zd",
+ pathname_len, sizeof(pathname));
 p += 4;
 memcpy(pathname, p, pathname_len);
 pathname[pathname_len] = '\0';
@@ -151,9 +152,11 @@ xpak_list(
 x->dir_fd = dir_fd;
 x->index = buf;
- assert((size_t)x->index_len < sizeof(buf));
+ if (x->index_len >= sizeof(buf))
+ err("index length %d exceeds limit %zd", x->index_len, sizeof(buf));
 ret = fread(x->index, 1, x->index_len, x->fp);
- assert(ret == (size_t)x->index_len);
+ if (ret != (size_t)x->index_len)
+ err("insufficient data read, got %zd, requested %d", ret, x->index_len);
 _xpak_walk_index(x, argc, argv, func);
 _xpak_close(x);
@@ -180,17 +183,17 @@ xpak_extract(
 x->dir_fd = dir_fd;
 x->index = buf;
- assert((size_t)x->index_len < sizeof(buf));
+ if (x->index_len >= sizeof(buf))
+ err("index length %d exceeds limit %zd", x->index_len, sizeof(buf));
 in = fread(x->index, 1, x->index_len, x->fp);
- if ((int)in != x->index_len)
- err("index chunk: read %i bytes, wanted %i bytes",
- (int)in, x->index_len);
+ if (in != (size_t)x->index_len)
+ err("insufficient data read, got %zd, requested %d", in, x->index_len);
 /* the xpak may be large (like when it has CONTENTS) #300744 */
 x->data = (size_t)x->data_len < sizeof(ext) ? ext : xmalloc(x->data_len);
 in = fread(x->data, 1, x->data_len, x->fp);
- if ((int)in != x->data_len)
- err("data chunk: read %i bytes, wanted %i bytes", (int)in, x->data_len);
+ if (in != (size_t)x->index_len)
+ err("insufficient data read, got %zd, requested %d", in, x->index_len);
 _xpak_walk_index(x, argc, argv, func);
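Review bot: The new check in `_xpak_walk_index` bounds `pathname_len` only by the destination buffer, so the `memcpy(pathname, p, pathname_len)` that follows can still read past the `x->index_len` bytes that were loaded from the file. The loop condition guarantees only that `p` starts inside the index, not that the 4-byte length and the name after it fit in what remains. A second check after `p += 4;` would cover that, for example `if (pathname_len > x->index_len - (p - x->index)) err("pathname length %d exceeds remaining index data", pathname_len);`. The declarations of `pathname_len` and `pathname` are outside the hunk, so the types in that comparison should be confirmed, and the loop body continues past the last line shown.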
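Review bot: The `err()` calls added in `xpak_list` print `size_t` values (`sizeof(buf)`, `ret`) with `%zd`, which is the conversion for the signed counterpart of `size_t`; `%zu` matches the argument type, e.g. `err("index length %d exceeds limit %zu", x->index_len, sizeof(buf));`. The same conversion is used in the `_xpak_walk_index` hunk above and in the messages of the `xpak_extract` hunk below. The comparison `x->index_len >= sizeof(buf)` also rejects a negative length only through the implicit conversion to `size_t` (assuming `index_len` is a signed int, as the `%d` suggests). Keeping the explicit `(size_t)` cast from the removed assert, or adding a one-line comment such as `/* negative lengths wrap to large values and are rejected here */`, would make that intent visible.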
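Review bot: The check after the second `fread` in `xpak_extract` compares against `x->index_len`, but that read requested `x->data_len` bytes; the two lines look copied from the index check above. As written, a complete data read is reported as an error whenever the two lengths differ, and a short read passes if it happens to return `index_len` bytes, leaving `x->data` only partly filled before `_xpak_walk_index` runs. The lines should read `if (in != (size_t)x->data_len)` and `err("insufficient data read, got %zu, requested %d", in, x->data_len);`. The removed code compared against `x->data_len`, so this is a regression introduced by the rewrite rather than existing behaviour.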