Closed bayrinat closed 6 years ago
16 bytes is the length of an Index structure. The point of that line is to check for corruption and exit early. There's a chance your file is corrupted.
Can you read the file in any other RPM implementation (maybe rpm -qip <file>
)? If so, can you please share it with us so we can fix this?
Sure, try it. It self-builded empty rpm by rpmbuild without any requires. rpm -qip
works fine.
test_rpm.gz
Thanks, I can replicate the same issue with your package. I'll try to fix.
Hi Ryan(@cavaliercoder ) and Rinat(@bayrinat),
I've dived into RPM internals for several days and can say with full confidence, that header length describes length of data section withOUT index section itself and we cannot statically check it at the point where this check is at the moment.
So, from my point of view there are 3 options:
h.IndexCount*r_IndexHeaderLength > r_MaxHeaderSize
, because it is the only one thing that we know on this step on one hundred percent;currDataSize += currIndexValueSize; currentDataSize + h.IndexCount*r_IndexHeaderLength < r_MaxHeaderSize
, but this check will duplicate "out of index" offset check (it exists on every index value extraction).I propose the second one.
Ryan, which approach do you prefer, if you agree with me, could I send you a PR?
After #12 is merged and closed, I think this issue is solved.
After merging @rpromyshlennikov 's PR #12, I've confirmed that test_rpm
provided by @bayrinat
now reads correctly with this library! Thanks team.
https://github.com/cavaliercoder/go-rpm/blob/master/header.go#L105
Why did you use exactly 16? I have one file that fails on this checking and I have no idea how to fix it.