From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Mon, 14 Dec 2020 11:12:00 +0100
Subject: [PATCH] testcase_read: error out if repos are added or the system is
changed too late
We must not add new solvables after the considered map was created, the solver
was created, or jobs were added. We may not change the system after jobs have
been added.
(Jobs may point inside the whatprovides array, so we must not invalidate this
area.)
Upstream-Status: Backport
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
CVE: CVE-2021-3200
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
ext/testcase.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/ext/testcase.c b/ext/testcase.c
index 0be7a213..8fb6d793 100644
--- a/ext/testcase.c
+++ b/ext/testcase.c
@@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
Id *genid = 0;
int ngenid = 0;
Queue autoinstq;
+ int oldjobsize = job ? job->count : 0;
if (resultp)
*resultp = 0;
@@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
int prio, subprio;
const char *rdata;
+ if (pool->considered)
+ {
+ pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled");
+ continue;
+ }
+ if (solv)
+ {
+ pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created");
+ continue;
+ }
+ if (job && job->count != oldjobsize)
+ {
+ pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created");
+ continue;
+ }
prepared = 0;
if (!poolflagsreset)
{
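Review bot: Each of the three new guards in the repo branch calls `pool_error(pool, 0, ...)` and then `continue`s, so the offending line is skipped but the loop keeps reading the rest of the testcase; nothing in this hunk makes testcase_read itself fail. The subject says "error out" and this is the fix for CVE-2021-3200, so it is worth confirming that the function's return path (outside this hunk) or its callers treat the recorded pool error as fatal rather than using the resulting pool and solver. If skipping the line and continuing is intended, a comment above the first guard would make that explicit, for example `/* late repo line: record the error and skip it; adding solvables now would invalidate data that jobs or the solver already reference */`. The guard added in the system branch in the last hunk uses the same report-and-continue pattern.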
@@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
int i;
/* must set the disttype before the arch */
+ if (job && job->count != oldjobsize)
+ {
+ pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created");
+ continue;
+ }
prepared = 0;
if (strcmp(pieces[2], "*") != 0)
{
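Review bot: The new guard is inserted directly under the existing comment `/* must set the disttype before the arch */`, which now reads as if it described the job-count check rather than the code it was written for (presumably the disttype handling further down, outside this hunk). I would place the guard above that comment and give it its own one, e.g. `/* jobs may point into the whatprovides array, so the system must not change once jobs exist */`, so the reason from the commit message also lives in the code. The comparison relies on `oldjobsize` captured at function entry in the first hunk; a short comment there, such as `/* job count on entry, used to detect jobs added by this testcase */`, would help readers who reach this check first.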