libupkg: Fix spurious success in upkg_decode_index.

Make the upkg_decode_index function fail if the input is truncated,
rather than successfully returning a bogus value.  As an added bonus,
this actually simplifies the code.

diff --git a/src/libupkg.c b/src/libupkg.c
index 178e235f4ef29b9c31038a3ad184adc259c4d8ce..3ecce7fbbd50c934e090a959950b590e937abec6 100644 (file)
--- a/src/libupkg.c
+++ b/src/libupkg.c
@@ -112,10 +112,9 @@ const struct upkg_file_ops upkg_default_fops = {
  */
 size_t upkg_decode_index(long *val, unsigned char *bytes, size_t n)
 {
-       size_t i = 0;
-
        *val = 0;
-       while (i < MIN(n, 5)) {
+
+       for (size_t i = 0; i < MIN(n, 5); i++) {
                /*
                 * Least significant bytes are first, so we need to do this
                 * nonsense.
@@ -127,18 +126,14 @@ size_t upkg_decode_index(long *val, unsigned char *bytes, size_t n)
                *val += tmp;
 
                if (!(bytes[i] & (i == 0 ? 0x40 : 0x80))) {
-                       i++;
-                       break;
+                       if (bytes[0] & 0x80)
+                               *val = -*val;
+                       return i+1;
                }
-
-               i++;
        }
 
-       if (i > MIN(n, 5) || n == 0)
-               return 0;
-       if (bytes[0] & 0x80)
-               *val = -*val;
-       return i;
+       /* Error */
+       return 0;
 }
 
 static struct upkg_priv *init_upkg(unsigned char hdr[static UPKG_HDR_SIZE])