From: Michael Schroeder Date: Wed, 22 Apr 2026 13:17:24 +0000 (+0200) Subject: repo_deb: improve checksum parsing X-Git-Tag: 0.7.37~2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=047441bb4cc6c29b334cd8d8377f7217b1167f08;p=thirdparty%2Flibsolv.git repo_deb: improve checksum parsing 1) make sure that the string fits into our buffer 2) prefer longer checksums
---
diff --git a/ext/repo_deb.c b/ext/repo_deb.c
index 25eaf8cb..49a2ffeb 100644
--- a/ext/repo_deb.c
+++ b/ext/repo_deb.c
@@ -371,6 +371,7 @@ control2solvable(Solvable *s, Repodata *data, char *control)
 char checksum[64 * 2 + 1];
 Id checksumtype = 0;
 Id newtype;
+ size_t qlen;
 p = control;
 while (*p)
@@ -484,13 +485,13 @@ control2solvable(Solvable *s, Repodata *data, char *control)
 break;
 case 'S' << 8 | 'H':
 newtype = solv_chksum_str2type(tag);
- if (!newtype || solv_chksum_len(newtype) * 2 != strlen(q))
+ qlen = strlen(q);
+ if (!newtype || solv_chksum_len(newtype) * 2 != qlen || qlen + 1 > sizeof(checksum))
 break;
- if (!checksumtype || (newtype == REPOKEY_TYPE_SHA1 && checksumtype != REPOKEY_TYPE_SHA256) || newtype == REPOKEY_TYPE_SHA256)
- {
- strcpy(checksum, q);
- checksumtype = newtype;
- }
+ if (checksumtype && solv_chksum_len(checksumtype) * 2 >= qlen)
+ break; /* new checksum is not longer */
+ strcpy(checksum, q);
+ checksumtype = newtype;
 break;
 case 'S' << 8 | 'O':
 if (!strcasecmp(tag, "source"))
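Review bot: In the second hunk, `strcpy(checksum, q)` is only bounded by the `qlen + 1 > sizeof(checksum)` test a few lines above it, and nothing at the copy itself shows that. Since the length is already in `qlen`, `memcpy(checksum, q, qlen + 1);` would tie the copy to the validated length and keep it bounded if the guard is later moved or loosened. The selection rule now uses digest length as the strength ordering, and because the comparison is `>=`, the first value seen for a given length wins over a later duplicate field. A comment such as `/* keep the longest digest; on equal length the first one wins */` would record that policy. Only the length of `q` is checked here; whether its characters are validated as hex digits is decided, if at all, in the part of control2solvable outside this hunk.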