Fix buffer overflow in debListParser::VersionHash()

If a package file is formatted in a way that that no space
follows a deprecated "<", we would reformat it to "<=" and
increase the length of the output by 1, which can break.

Under normal circumstances with "<=" this should not be an
issue.

Closes: #828812
(cherry picked from commit b6e9756ca03ec887ef1d0bc8e38f63c29db7a365)

diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index ed5484ad97a0a5720134dffcc137ee1763ff1ce4..e24ced27189fff38650ab555f29623c585e99c56 100644 (file)
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -357,8 +357,12 @@ unsigned short debListParser::VersionHash()
            continue;
         *J++ = tolower_ascii(*Start);
 
-        if ((*Start == '<' || *Start == '>') && Start[1] != *Start && Start[1] != '=')
-           *J++ = '=';
+        /* Normalize <= to < and >= to >. This is the wrong way around, but
+         * more efficient that the right way. And since we're only hashing
+         * it does not matter which way we normalize. */
+        if ((*Start == '<' || *Start == '>') && Start[1] == '=') {
+           Start++;
+        }
       }
 
       Result = AddCRC16(Result,S,J - S);