policy: Be more strict about parsing pin files, and document prio 0

author Julian Andres Klode <jak@debian.org>

Wed, 12 Aug 2015 18:44:40 +0000 (20:44 +0200)

committer Julian Andres Klode <jak@debian.org>

Wed, 12 Aug 2015 18:51:08 +0000 (20:51 +0200)
author Julian Andres Klode <jak@debian.org>
Wed, 12 Aug 2015 18:44:40 +0000 (20:44 +0200)
committer Julian Andres Klode <jak@debian.org>
Wed, 12 Aug 2015 18:51:08 +0000 (20:51 +0200)
diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc

index bf6ec0ff7fdc8c97390cb2d9de4bcac15d0a8737..76c36b71bfde8745933f4bc5ff7a18478c288a66 100644 (file)
--- a/apt-pkg/policy.cc
+++ b/apt-pkg/policy.cc
@@ -478,11 +478,18 @@ bool ReadPinFile(pkgPolicy &Plcy,string File)
        }
        for (; Word != End && isspace(*Word) != 0; Word++);
  
-      short int priority = Tags.FindI("Pin-Priority", 0);
+      int priority = Tags.FindI("Pin-Priority", 0);
+      if (priority < std::numeric_limits<short>::min() ||
+          priority > std::numeric_limits<short>::max() ||
+         _error->PendingError()) {
+        return _error->Error(_("%s: Value %s is outside the range of valid pin priorities (%d to %d)"),
+                             File.c_str(), Tags.FindS("Pin-Priority").c_str(),
+                             std::numeric_limits<short>::min(),
+                             std::numeric_limits<short>::max());
+      }
        if (priority == 0)
        {
-         _error->Warning(_("No priority (or zero) specified for pin"));
-         continue;
+         return _error->Error(_("No priority (or zero) specified for pin"));
        }
  
        istringstream s(Name);
diff --git a/apt-pkg/tagfile.cc b/apt-pkg/tagfile.cc

index 253b1b7a33d6ab58022cdaa113d09aff03c1bebf..8acecd735f9da90642a3f2a29e0b3766c5295f97 100644 (file)
--- a/apt-pkg/tagfile.cc
+++ b/apt-pkg/tagfile.cc
@@ -533,9 +533,16 @@ signed int pkgTagSection::FindI(const char *Tag,signed long Default) const
        return Default;
     strncpy(S,Start,Stop-Start);
     S[Stop - Start] = 0;
-   
+
+   errno = 0;
     char *End;
     signed long Result = strtol(S,&End,10);
+   if (errno == ERANGE)
+      _error->Errno("strtol", _("Cannot convert %s to integer"), S);
+   if (Result < std::numeric_limits<int>::min() || Result > std::numeric_limits<int>::max()) {
+      errno = ERANGE;
+      _error->Errno("", _("Cannot convert %s to integer"), S);
+   }
     if (S == End)
        return Default;
     return Result;
diff --git a/doc/apt_preferences.5.xml b/doc/apt_preferences.5.xml

index 16e6a7aa0eab80bfe7f4112bbc54546fae886617..5703203b0de1515efec48904fa2b92b3d697491f 100644 (file)
--- a/doc/apt_preferences.5.xml
+++ b/doc/apt_preferences.5.xml
@@ -339,6 +339,10 @@ only if there is no installed version of the package</simpara></listitem>
  <term>P &lt; 0</term>
  <listitem><simpara>prevents the version from being installed</simpara></listitem>
  </varlistentry>
+<varlistentry>
+<term>P = 0</term>
+<listitem><simpara>has undefined behaviour, do not use it.</simpara></listitem>
+</varlistentry>
  </variablelist>
  </para>
author	Julian Andres Klode <jak@debian.org>
	Wed, 12 Aug 2015 18:44:40 +0000 (20:44 +0200)
committer	Julian Andres Klode <jak@debian.org>
	Wed, 12 Aug 2015 18:51:08 +0000 (20:51 +0200)
apt-pkg/policy.cc		patch \| blob \| blame \| history
apt-pkg/tagfile.cc		patch \| blob \| blame \| history
doc/apt_preferences.5.xml		patch \| blob \| blame \| history