SHA256
1
0
forked from pool/cpio

Accepting request 360528 from home:kstreitova:branches:Archiving

- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
  write in a way cpio parses certain cpio files [bsc#963448],
  [CVE-2016-2037]

OBS-URL: https://build.opensuse.org/request/show/360528
OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=58
This commit is contained in:
Martin Pluskal 2016-02-19 16:42:39 +00:00 committed by Git OBS Bridge
parent d47d4b1312
commit 390a0b27a2
3 changed files with 48 additions and 1 deletions

View File

@ -0,0 +1,38 @@
* src/copyin.c (process_copy_in): Make sure that file_hdr.c_name
has at least two bytes allocated.
* src/util.c (cpio_safer_name_suffix): Document that use of this
function requires to be careful.
---
src/copyin.c | 2 ++
src/util.c | 5 ++++-
2 files changed, 6 insertions(+), 1 deletion(-)
Index: cpio-2.12/src/copyin.c
===================================================================
--- cpio-2.12.orig/src/copyin.c
+++ cpio-2.12/src/copyin.c
@@ -1434,6 +1434,8 @@ process_copy_in ()
break;
}
+ if (file_hdr.c_namesize <= 1)
+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
Index: cpio-2.12/src/util.c
===================================================================
--- cpio-2.12.orig/src/util.c
+++ cpio-2.12/src/util.c
@@ -1460,7 +1460,10 @@ set_file_times (int fd,
}
/* Do we have to ignore absolute paths, and if so, does the filename
- have an absolute path? */
+ have an absolute path?
+ Before calling this function make sure that the allocated NAME buffer has
+ capacity at least 2 bytes to allow us to store the "." string inside. */
+
void
cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
bool strip_leading_dots)

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri Feb 19 15:47:00 UTC 2016 - kstreitova@suse.com
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
write in a way cpio parses certain cpio files [bsc#963448],
[CVE-2016-2037]
-------------------------------------------------------------------
Thu Oct 8 11:57:19 UTC 2015 - kstreitova@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package cpio
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -43,6 +43,7 @@ Patch23: paxutils-rtapelib_mtget.patch
Patch24: cpio-check_for_symlinks.patch
Patch25: cpio-fix_truncation_check.patch
Patch26: cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch
Patch27: cpio-2.12-out_of_bounds_write.patch
BuildRequires: autoconf
BuildRequires: automake
Requires(post): %{install_info_prereq}
@ -79,6 +80,7 @@ provided by cpio, install the 'dump' package as well.
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
#chmod 755 .
#chmod u+w *
#chmod a+r *