Accepting request 34549 from home:mseben:branches:Archiving

Copy from home:mseben:branches:Archiving/cpio via accept of submit request 34549 revision 2. Request was accepted with message: OBS-URL: https://build.opensuse.org/request/show/34549 OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=17
2010-03-10 20:02:22 +00:00 · 2010-03-10 20:02:22 +00:00 · 40b0001686
commit 40b0001686
parent e645699a2d
3 changed files with 62 additions and 0 deletions
--- a/cpio-2.10-heap_overflow_in_rtapelib.patch
+++ b/cpio-2.10-heap_overflow_in_rtapelib.patch
@ -0,0 +1,52 @@
+From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org.ua>
+Date: Mon, 01 Mar 2010 08:49:03 +0000
+Subject: Bugfixes in rtapelib
+
+* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of
+their hardcoded values.
+* lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent
+potential overflow.
+---
+diff --git a/lib/rmt.h b/lib/rmt.h
+index 50f037c..2ce9dc5 100644
+--- a/lib/rmt.h
+++ b/lib/rmt.h
+@@ -61,7 +61,7 @@ extern bool force_local_option;
+ 
+ #define rmtcreat(dev_name, mode, command) \
+    (_remdev (dev_name) \
+-    ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \
+    ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \
+     : creat (dev_name, mode))
+ 
+ #define rmtlstat(dev_name, muffer) \
+diff --git a/lib/rtapelib.c b/lib/rtapelib.c
+index 02ad1e7..cb645db 100644
+--- a/lib/rtapelib.c
+++ b/lib/rtapelib.c
+@@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length)
+ 
+   sprintf (command_buffer, "R%lu\n", (unsigned long) length);
+   if (do_command (handle, command_buffer) == -1
+-      || (status = get_status (handle)) == SAFE_READ_ERROR)
+      || (status = get_status (handle)) == SAFE_READ_ERROR
+      || status > length)
+     return SAFE_READ_ERROR;
+ 
+   for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+@@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument)
+ 	    || (status = get_status (handle), status == -1))
+ 	  return -1;
+ 
+	if (status > sizeof (struct mtop))
+	  {
+	    errno = EOVERFLOW;
+	    return -1;
+	  }
+	
+ 	for (; status > 0; status -= counter, argument += counter)
+ 	  {
+ 	    counter = safe_read (READ_SIDE (handle), argument, status);
+--
+cgit v0.8.2.1
--- a/cpio.changes
+++ b/cpio.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar  3 09:29:23 UTC 2010 - mseben@novell.com
+
+- added heap_overflow_in_rtapelib.patch fix possible heap overflow in 
+  rtapelib.c (bnc#579475)
+
 -------------------------------------------------------------------
 Sat Dec 26 11:51:46 CET 2009 - jengelh@medozas.de

--- a/cpio.spec
+++ b/cpio.spec
@ -43,6 +43,9 @@ Patch18:        %{name}-%{version}-default_tape_dev.patch
 Patch19:        %{name}-%{version}-include_fatal_c.patch
 #PATCH-FIX-UPSTREAM cpio-2.10-close_files_after_copy.patch
 Patch20:        %{name}-%{version}-close_files_after_copy.patch
+#fix possible heap overflow in rtapelib.c bnc#579475 
+Patch21:		%{name}-%{version}-heap_overflow_in_rtapelib.patch
+PreReq:         %install_info_prereq
 PreReq:         %install_info_prereq
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       %{name}-lang = %{version}
@ -80,6 +83,7 @@ Authors:
 %patch18
 %patch19
 %patch20
+%patch21 -p1
 #chmod 755 .
 #chmod u+w *
 #chmod a+r *