From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001 From: Michael Schroeder Date: Mon, 14 Dec 2020 11:12:00 +0100 Subject: [PATCH] testcase_read: error out if repos are added or the system is changed too late We must not add new solvables after the considered map was created, the solver was created, or jobs were added. We may not changed the system after jobs have been added. (Jobs may point inside the whatproviedes array, so we must not invalidate this area.) Upstream-Status: Backport https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec CVE: CVE-2021-3200 Signed-off-by: Chee Yang Lee --- ext/testcase.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/ext/testcase.c b/ext/testcase.c index 0be7a213..8fb6d793 100644 --- a/ext/testcase.c +++ b/ext/testcase.c @@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res Id *genid = 0; int ngenid = 0; Queue autoinstq; + int oldjobsize = job ? job->count : 0; if (resultp) *resultp = 0; @@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res int prio, subprio; const char *rdata; + if (pool->considered) + { + pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled"); + continue; + } + if (solv) + { + pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created"); + continue; + } + if (job && job->count != oldjobsize) + { + pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created"); + continue; + } prepared = 0; if (!poolflagsreset) { @@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res int i; /* must set the disttype before the arch */ + if (job && job->count != oldjobsize) + { + pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created"); + continue; + } prepared = 0; if (strcmp(pieces[2], "*") != 0) {