This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
802c58f3ed
commit
8106919f6a
95
tar-1.17-paxlib-owl-alloca.patch
Normal file
95
tar-1.17-paxlib-owl-alloca.patch
Normal file
@ -0,0 +1,95 @@
|
||||
2007-08-15 Dmitry V. Levin <ldv@owl.openwall.com>
|
||||
|
||||
Do not use alloca to avoid stack overflow with untrusted input.
|
||||
|
||||
* lib/paxnames.c (hash_string_insert_direct): New function.
|
||||
(hash_string_insert): Use it.
|
||||
(hash_string_insert_data): New function.
|
||||
(safer_name_suffix): Use it instead of hash_string_insert()
|
||||
and alloca().
|
||||
|
||||
--- lib/paxnames.c
|
||||
+++ lib/paxnames.c
|
||||
@@ -36,22 +36,50 @@
|
||||
return strcmp (name1, name2) == 0;
|
||||
}
|
||||
|
||||
-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
|
||||
- copy of STRING to TABLE and return 1. */
|
||||
-bool
|
||||
-hash_string_insert (Hash_table **table, char const *string)
|
||||
+/* Return zero if TABLE contains given STRING; otherwise, insert
|
||||
+ given STRING to TABLE and return 1. */
|
||||
+static bool
|
||||
+hash_string_insert_direct (Hash_table **table, char const *string)
|
||||
{
|
||||
Hash_table *t = *table;
|
||||
- char *s = xstrdup (string);
|
||||
char *e;
|
||||
|
||||
if (! ((t
|
||||
|| (*table = t = hash_initialize (0, 0, hash_string_hasher,
|
||||
hash_string_compare, 0)))
|
||||
- && (e = hash_insert (t, s))))
|
||||
+ && (e = hash_insert (t, string))))
|
||||
xalloc_die ();
|
||||
|
||||
- if (e == s)
|
||||
+ return (e == string);
|
||||
+}
|
||||
+
|
||||
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
|
||||
+ copy of STRING to TABLE and return 1. */
|
||||
+bool
|
||||
+hash_string_insert (Hash_table **table, char const *string)
|
||||
+{
|
||||
+ char *s = xstrdup (string);
|
||||
+
|
||||
+ if (hash_string_insert_direct (table, s))
|
||||
+ return 1;
|
||||
+ else
|
||||
+ {
|
||||
+ free (s);
|
||||
+ return 0;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+/* Return zero if TABLE contains a string which is a NULL-terminated
|
||||
+ copy of DATA of given LENGTH; otherwise, insert a string which is a
|
||||
+ NULL-terminated copy of DATA of given LENGTH to TABLE and return 1. */
|
||||
+static bool
|
||||
+hash_string_insert_data (Hash_table **table, char const *data, size_t length)
|
||||
+{
|
||||
+ char *s = xmalloc (length + 1);
|
||||
+ memcpy (s, data, length);
|
||||
+ s[length] = '\0';
|
||||
+
|
||||
+ if (hash_string_insert_direct (table, s))
|
||||
return 1;
|
||||
else
|
||||
{
|
||||
@@ -121,18 +149,16 @@ safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
|
||||
|
||||
if (prefix_len)
|
||||
{
|
||||
- char *prefix = alloca (prefix_len + 1);
|
||||
- memcpy (prefix, file_name, prefix_len);
|
||||
- prefix[prefix_len] = '\0';
|
||||
-
|
||||
- if (hash_string_insert (&prefix_table[link_target], prefix))
|
||||
+ if (hash_string_insert_data (&prefix_table[link_target],
|
||||
+ file_name, prefix_len))
|
||||
{
|
||||
static char const *const diagnostic[] =
|
||||
{
|
||||
- N_("Removing leading `%s' from member names"),
|
||||
- N_("Removing leading `%s' from hard link targets")
|
||||
+ N_("Removing leading `%.*s' from member names"),
|
||||
+ N_("Removing leading `%.*s' from hard link targets")
|
||||
};
|
||||
- WARN ((0, 0, _(diagnostic[link_target]), prefix));
|
||||
+ WARN ((0, 0, _(diagnostic[link_target]),
|
||||
+ (unsigned)prefix_len, file_name));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 17 14:14:39 CEST 2007 - lmichnovic@suse.cz
|
||||
|
||||
- upstream fix: use of alloca can cause stack overflow
|
||||
(paxlib-owl-alloca.patch)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 21 10:17:56 CEST 2007 - mkoenig@suse.de
|
||||
|
||||
|
||||
9
tar.spec
9
tar.spec
@ -13,19 +13,20 @@
|
||||
Name: tar
|
||||
BuildRequires: help2man
|
||||
URL: http://www.gnu.org/software/tar/
|
||||
License: GNU General Public License (GPL)
|
||||
License: GPL v2 or later
|
||||
Group: System/Base
|
||||
Provides: base:/bin/tar
|
||||
PreReq: %install_info_prereq
|
||||
Autoreqprov: on
|
||||
Version: 1.17
|
||||
Release: 1
|
||||
Release: 11
|
||||
Summary: GNU implementation of tar ((t)ape (ar)chiver)
|
||||
Source0: %name-%version.tar.bz2
|
||||
Patch0: tar-disable_languages.patch
|
||||
Patch1: tar-disable-listed02-test.diff
|
||||
Patch2: tar-manpage.patch
|
||||
Patch3: tar-1.17-testsuite12.patch
|
||||
Patch4: tar-1.17-paxlib-owl-alloca.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%define _bindir /bin
|
||||
|
||||
@ -65,6 +66,7 @@ Authors:
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3
|
||||
%patch4
|
||||
|
||||
%build
|
||||
rm -f po/no.* po/ky.*
|
||||
@ -106,6 +108,9 @@ rm -r %buildroot/usr/libexec
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%changelog
|
||||
* Fri Aug 17 2007 - lmichnovic@suse.cz
|
||||
- upstream fix: use of alloca can cause stack overflow
|
||||
(paxlib-owl-alloca.patch)
|
||||
* Thu Jun 21 2007 - mkoenig@suse.de
|
||||
- update to version 1.17:
|
||||
* Fix archivation of sparse files in posix mode
|
||||
|
||||
Loading…
Reference in New Issue
Block a user