From cabb57e9168fed0232e37904911c30353cb0a701 Mon Sep 17 00:00:00 2001
From: Adam Heath
Date: Fri, 23 Aug 2002 04:43:52 +0000
Subject: [PATCH] Fix several read pass buffer bugs, and a memleak.
---
 ChangeLog | 5 +++++
 debian/changelog | 1 +
 lib/database.c | 2 +-
 lib/parse.c | 1 +
 lib/parsehelp.c | 2 +-
 main/main.c | 2 +-
 6 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 90d39f0d..49b68463 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Aug 22 23:37:45 CDT 2002 Adam Heath
+
+ * lib/database.c, lib/parse.c, lib/parsehelp.c, main/main.c: Fix several
+ read pass buffer bugs, and a memleak.
+
 Thu Aug 22 23:25:23 CDT 2002 Adam Heath
 * lib/nfmalloc.c: Fix read past buffer in lib/nfmalloc.c.
diff --git a/debian/changelog b/debian/changelog
index f295e5a5..62aa267a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ dpkg (1.10.5) unstable; urgency=low
 * Fix extraction of md5sum in dpkg-scanpackages. Closes: #153769.
 * Handle directories better in md5sum. Closes: #157453.
 * Fix read past buffer in lib/nfmalloc.c. Closes: #157304.
+ * Fix several read pass buffer bugs, and a memleak. Closes: #155362.
 -- Adam Heath UNRELEASED
diff --git a/lib/database.c b/lib/database.c
index b809dbe4..90e4ede5 100644
--- a/lib/database.c
+++ b/lib/database.c
@@ -181,7 +181,7 @@ struct pkginfo *findpackage(const char *inname) {
 pointerp= bins + (hash(name) & (BINS-1));
 while (*pointerp && strcasecmp((*pointerp)->name,name)) pointerp= &(*pointerp)->next;
- if (*pointerp) return *pointerp;
+ if (*pointerp) { free(name); return *pointerp; }
 newpkg= nfmalloc(sizeof(struct pkginfo));
 blankpackage(newpkg);
diff --git a/lib/parse.c b/lib/parse.c
index 951d3242..7133d923 100644
--- a/lib/parse.c
+++ b/lib/parse.c
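Review bot: In lib/database.c, `findpackage` now releases `name` by hand inside the early-return branch, `if (*pointerp) { free(name); return *pointerp; }`, which leaves ownership of that buffer spread over separate return paths, the arrangement that allowed the leak in the first place. The allocation of `name` and the return on the new-package path lie outside the hunk, so it cannot be confirmed from here that the allocation is checked before `hash(name)` and `strcasecmp` use it, or that the second path also frees it. A single exit would keep the release in one place: store the result in a local, `goto out;`, and finish with `out: free(name); return result;`. At minimum a comment such as `/* name is a private heap copy of inname; free it on every return */` next to the lookup would document the rule.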
@@ -173,6 +173,7 @@ int parsedb(const char *filename, enum parsedbflags flags,
 if (c == '\n' || c == MSDOS_EOF_CHAR) {
 lno++;
 c= getc_mmap(dataptr);
+ if (EOF_mmap(dataptr, endptr)) break;
 /* Found double eol, or start of new field */
 if (EOF_mmap(dataptr, endptr) || c == '\n' || !isspace(c)) break;
 ungetc_mmap(c,dataptr, data);
diff --git a/lib/parsehelp.c b/lib/parsehelp.c
index d02b009e..c7295024 100644
--- a/lib/parsehelp.c
+++ b/lib/parsehelp.c
@@ -214,7 +214,7 @@ const char *parseversion(struct versionrevision *rversion, const char *string) {
 } else {
 rversion->epoch= 0;
 }
- rversion->version= nfstrnsave(string,end-string+1);
+ rversion->version= nfstrnsave(string,end-string);
 hyphen= strrchr(rversion->version,'-');
 if (hyphen) *hyphen++= 0;
 rversion->revision= hyphen ? hyphen : "";
diff --git a/main/main.c b/main/main.c
index 407702b9..8e8ef122 100644
--- a/main/main.c
+++ b/main/main.c
@@ -433,7 +433,7 @@ void execbackend(const char *const *argv) {
 int i, argc = 1;
 const char *const *arg = argv;
 while(*arg != 0) { arg++; argc++; }
- nargv= malloc(sizeof(char *) * argc + 2);
+ nargv= malloc(sizeof(char *) * (argc + 2));
 if (!nargv) ohshite(_("couldn't malloc in execbackend"));
 nargv[0]= strdup(cipaction->parg);
--
2.39.5
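Review bot: The added `if (EOF_mmap(dataptr, endptr)) break;` in lib/parse.c runs after `c= getc_mmap(dataptr);`, and the condition two lines below already begins with the same `EOF_mmap(dataptr, endptr) ||` test, so as far as the hunk shows the new line does not change which path is taken. If `getc_mmap` dereferences `dataptr` without a bounds test (its definition is not in the hunk), the byte past the mapped data has already been read by the time either check runs. Testing before the read, i.e. placing `if (EOF_mmap(dataptr, endptr)) break;` ahead of `c= getc_mmap(dataptr);`, would prevent the read itself; confirm what the code after the loop expects `c` to hold in that case. The loop and the rest of `parsedb` are outside the hunk.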
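Review bot: The corrected length in `nfstrnsave(string,end-string)` in lib/parsehelp.c depends on an invariant the hunk does not state: `end` must point one past the last character of the version text, and `nfstrnsave` must NUL-terminate its copy, because `strrchr(rversion->version,'-')` and `*hyphen++= 0` on the following lines scan and write that copy. `end` is set above the hunk, so this is inferred rather than visible. A comment on the call would protect the off-by-one fix from regressing, for example `/* end is one past the version text; the copy is NUL-terminated and writable */`.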
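Review bot: In `execbackend` (main/main.c) the `malloc` result is checked with `ohshite`, but `nargv[0]= strdup(cipaction->parg);` on the next line is not, so an allocation failure there leaves a NULL first entry in a vector that is presumably handed to an exec call further down, outside the hunk. Adding `if (!nargv[0]) ohshite(_("couldn't strdup in execbackend"));` would match the handling of the `malloc`. Writing the size as `sizeof *nargv * (argc + 2)` would also tie the element size to the pointer's type and make the grouping that this commit fixes harder to get wrong again. The loop that fills `nargv` is outside the hunk, so whether `argc + 2` slots cover every entry plus the terminating NULL cannot be checked from here.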