* apt-pkg/deb/deblistparser.cc:

  - check length and containing chars for a given description md5sum

diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index 00e2bd9..7bef677 100644 (file)
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -215,15 +215,22 @@ string debListParser::DescriptionLanguage()
  */
 MD5SumValue debListParser::Description_md5()
 {
-   string value = Section.FindS("Description-md5");
-
-   if (value.empty()) 
+   string const value = Section.FindS("Description-md5");
+   if (value.empty() == true)
    {
       MD5Summation md5;
       md5.Add((Description() + "\n").c_str());
       return md5.Result();
-   } else
-      return MD5SumValue(value);
+   }
+   else if (likely(value.size() == 32))
+   {
+      if (likely(value.find_first_not_of("0123456789abcdefABCDEF") == string::npos))
+        return MD5SumValue(value);
+      _error->Error("Malformed Description-md5 line; includes invalid character '%s'", value.c_str());
+      return MD5SumValue();
+   }
+   _error->Error("Malformed Description-md5 line; doesn't have the required length (32 != %d) '%s'", (int)value.size(), value.c_str());
+   return MD5SumValue();
 }
                                                                         /*}}}*/
 // ListParser::UsePackage - Update a package structure                 /*{{{*/

diff --git a/debian/changelog b/debian/changelog
index 799653d..72830ad 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,8 +28,10 @@ apt (0.9.3) unstable; urgency=low
     - use the correct library name the symbols header
   * apt-pkg/pkgcachegen.cc:
     - check if NewDescription allocation has failed and error out accordingly
+  * apt-pkg/deb/deblistparser.cc:
+    - check length and containing chars for a given description md5sum
 
- -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 02 May 2012 21:59:02 +0200
+ -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 02 May 2012 22:28:32 +0200
 
 apt (0.9.2) unstable; urgency=low