pool/tar
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tar?expand=0&rev=7

Browse Source
This commit is contained in:
OBS User unknown 2007-08-20 16:55:45 +00:00 committed by Git OBS Bridge
parent 8106919f6a
commit 13c7c40712
3 changed files with 69 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
tar-1.17-paxlib-owl-alloca.patch
View File

@ -1,16 +1,20 @@
Patch from Sergey Poznyakoff <gray@mirddin.farlep.net> for cpio
based on patch:
2007-08-15 Dmitry V. Levin <ldv@owl.openwall.com>
Do not use alloca to avoid stack overflow with untrusted input.
Do not use alloca to avoid stack overflow with untrusted input.
* lib/paxnames.c (hash_string_insert_direct): New function.
(hash_string_insert): Use it.
(hash_string_insert_data): New function.
(safer_name_suffix): Use it instead of hash_string_insert()
and alloca().
* lib/paxnames.c (hash_string_insert_direct): New function.
(hash_string_insert): Use it.
(hash_string_insert_data): New function.
(safer_name_suffix): Use it instead of hash_string_insert()
and alloca().
--- lib/paxnames.c
Index: lib/paxnames.c
===================================================================
--- lib/paxnames.c.orig
+++ lib/paxnames.c
@@ -36,22 +36,50 @@
@@ -36,15 +36,27 @@ hash_string_compare (void const *name1,
return strcmp (name1, name2) == 0;
}
@ -18,57 +22,70 @@
- copy of STRING to TABLE and return 1. */
-bool
-hash_string_insert (Hash_table **table, char const *string)
+/* Return zero if TABLE contains given STRING; otherwise, insert
+ given STRING to TABLE and return 1. */
+/* Return zero if TABLE contains a LEN-character long prefix of STRING,
+ otherwise, insert a newly allocated copy of this prefix to TABLE and
+ return 1. If RETURN_PREFIX is not NULL, point it to the allocated
+ copy. */
+static bool
+hash_string_insert_direct (Hash_table **table, char const *string)
+hash_string_insert_prefix (Hash_table **table, char const *string, size_t len,
+ const char **return_prefix)
{
Hash_table *t = *table;
- char *s = xstrdup (string);
+ char *s;
char *e;
+ if (len)
+ {
+ s = xmalloc (len + 1);
+ memcpy (s, string, len);
+ s[len] = 0;
+ }
+ else
+ s = xstrdup (string);
+
if (! ((t
|| (*table = t = hash_initialize (0, 0, hash_string_hasher,
hash_string_compare, 0)))
- && (e = hash_insert (t, s))))
+ && (e = hash_insert (t, string))))
@@ -52,7 +64,11 @@ hash_string_insert (Hash_table **table,
xalloc_die ();
- if (e == s)
+ return (e == string);
+}
+
if (e == s)
- return 1;
+ {
+ if (return_prefix)
+ *return_prefix = s;
+ return 1;
+ }
else
{
free (s);
@@ -60,6 +76,14 @@ hash_string_insert (Hash_table **table,
}
}
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+ copy of STRING to TABLE and return 1. */
+bool
+hash_string_insert (Hash_table **table, char const *string)
+{
+ char *s = xstrdup (string);
+
+ if (hash_string_insert_direct (table, s))
+ return 1;
+ else
+ {
+ free (s);
+ return 0;
+ }
+ return hash_string_insert_prefix (table, string, 0, NULL);
+}
+
+/* Return zero if TABLE contains a string which is a NULL-terminated
+ copy of DATA of given LENGTH; otherwise, insert a string which is a
+ NULL-terminated copy of DATA of given LENGTH to TABLE and return 1. */
+static bool
+hash_string_insert_data (Hash_table **table, char const *data, size_t length)
+{
+ char *s = xmalloc (length + 1);
+ memcpy (s, data, length);
+ s[length] = '\0';
+
+ if (hash_string_insert_direct (table, s))
return 1;
else
{
@@ -121,18 +149,16 @@ safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
/* Return 1 if TABLE contains STRING. */
bool
hash_string_lookup (Hash_table const *table, char const *string)
@@ -88,7 +112,8 @@ removed_prefixes_p (void)
If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */
char *
-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
+safer_name_suffix (char const *file_name, bool link_target,
+ bool absolute_names)
{
char const *p;
@@ -121,11 +146,9 @@ safer_name_suffix (char const *file_name
if (prefix_len)
{
@ -77,19 +94,9 @@
- prefix[prefix_len] = '\0';
-
- if (hash_string_insert (&prefix_table[link_target], prefix))
+ if (hash_string_insert_data (&prefix_table[link_target],
+ file_name, prefix_len))
+ const char *prefix;
+ if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
+ prefix_len, &prefix))
{
static char const *const diagnostic[] =
{
- N_("Removing leading `%s' from member names"),
- N_("Removing leading `%s' from hard link targets")
+ N_("Removing leading `%.*s' from member names"),
+ N_("Removing leading `%.*s' from hard link targets")
};
- WARN ((0, 0, _(diagnostic[link_target]), prefix));
+ WARN ((0, 0, _(diagnostic[link_target]),
+ (unsigned)prefix_len, file_name));
}
}
}

5
tar.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de
- use correct patch for paxlib stack overflow [#301416]
-------------------------------------------------------------------
Fri Aug 17 14:14:39 CEST 2007 - lmichnovic@suse.cz

4
tar.spec
View File

@ -19,7 +19,7 @@ Provides: base:/bin/tar
PreReq: %install_info_prereq
Autoreqprov: on
Version: 1.17
Release: 11
Release: 13
Summary: GNU implementation of tar ((t)ape (ar)chiver)
Source0: %name-%version.tar.bz2
Patch0: tar-disable_languages.patch
@ -108,6 +108,8 @@ rm -r %buildroot/usr/libexec
rm -rf $RPM_BUILD_ROOT
%changelog
* Mon Aug 20 2007 - mkoenig@suse.de
- use correct patch for paxlib stack overflow [#301416]
* Fri Aug 17 2007 - lmichnovic@suse.cz
- upstream fix: use of alloca can cause stack overflow
(paxlib-owl-alloca.patch)