rpm/cpio
SHA256
1
0
Fork 0
forked from pool/cpio
Code Pull Requests Activity

Accepting request 487309 from home:kstreitova:branches:Archiving

Browse Source 
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression 
  causing cpio to crash for tar and ustar archive types 
  [bsc#1028410]

OBS-URL: https://build.opensuse.org/request/show/487309
OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=68
This commit is contained in:
Martin Pluskal 2017-04-11 12:17:29 +00:00 committed by Git OBS Bridge
parent 6c51e5aa2f
commit 41c2809514
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cpio-2.12-out_of_bounds_write.patch
View File

@ -11,12 +11,22 @@ Index: cpio-2.12/src/copyin.c
===================================================================
--- cpio-2.12.orig/src/copyin.c
+++ cpio-2.12/src/copyin.c
@@ -1434,6 +1434,8 @@ process_copy_in ()
@@ -1433,6 +1433,18 @@ process_copy_in ()
break;
}
+ if (file_hdr.c_namesize <= 1)
+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
+ /* Fix for CVE-2016-2037 (bsc#963448) and resultant regression (bsc#1028410).
+ For tar and ustar archive formats, file_hdr.c_namesize is not defined and
+ file_hdr.c_name uses static memory. Therefore we can't rely on
+ file_hdr.c_namesize and we can't realloc memory for these archive types.
+ However the patch is still correct for CVE-2016-2037 (we have to be sure
+ that the allocated NAME buffer has a capacity at least 2 bytes to allow
+ us to store the "." string inside) as static char array for tar and ustar
+ has size 2 at least (see tar.c:stash_tar_filename()).
+ */
+ if (archive_format != arf_tar && archive_format != arf_ustar
+ && file_hdr.c_namesize <= 1)
+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
@ -36,3 +46,4 @@ Index: cpio-2.12/src/util.c
void
cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
bool strip_leading_dots)

7
cpio.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Apr 11 10:06:17 UTC 2017 - kstreitova@suse.com
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
causing cpio to crash for tar and ustar archive types
[bsc#1028410]
-------------------------------------------------------------------
Mon Mar 27 11:13:08 UTC 2017 - mpluskal@suse.com