The header-processing code assumes that tags are in order and unique.
This should be enforced by the parser, but the parser failed to do so
due to a logic error: the last_tag variable was never updated during the
loop, so the tag was always checked to be greater than 99 instead of
greater than the previous tag. This can result in a panic when
processing an untrusted immutable header. Qubes OS and rpmcanon verify
the signature on the main header before processing it, so they are not
affected.
This commit also includes a unit test for headers with unsorted tag data
entries, and a command-line tool that was vital to creating this test.
The header-processing code assumes that tags are in order and unique. This should be enforced by the parser, but the parser failed to do so due to a logic error: the last_tag variable was never updated during the loop, so the tag was always checked to be greater than 99 instead of greater than the previous tag. This can result in a panic when processing an untrusted immutable header. Qubes OS and rpmcanon verify the signature on the main header before processing it, so they are not affected.
This commit also includes a unit test for headers with unsorted tag data entries, and a command-line tool that was vital to creating this test.