OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tar?expand=0&rev=6

2007-08-17 17:02:12 +00:00 · 2007-08-17 17:02:12 +00:00 · 8106919f6a
commit 8106919f6a
parent 802c58f3ed
3 changed files with 108 additions and 2 deletions
--- a/tar-1.17-paxlib-owl-alloca.patch
+++ b/tar-1.17-paxlib-owl-alloca.patch
@ -0,0 +1,95 @@
+2007-08-15  Dmitry V. Levin <ldv@owl.openwall.com>
+
+	Do not use alloca to avoid stack overflow with untrusted input.
+
+	* lib/paxnames.c (hash_string_insert_direct): New function.
+	(hash_string_insert): Use it.
+	(hash_string_insert_data): New function.
+	(safer_name_suffix): Use it instead of hash_string_insert()
+	and alloca().
+
+--- lib/paxnames.c
+++ lib/paxnames.c
+@@ -36,22 +36,50 @@
+   return strcmp (name1, name2) == 0;
+ }
+ 
+-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+-   copy of STRING to TABLE and return 1.  */
+-bool
+-hash_string_insert (Hash_table **table, char const *string)
+/* Return zero if TABLE contains given STRING; otherwise, insert
+   given STRING to TABLE and return 1.  */
+static bool
+hash_string_insert_direct (Hash_table **table, char const *string)
+ {
+   Hash_table *t = *table;
+-  char *s = xstrdup (string);
+   char *e;
+ 
+   if (! ((t
+ 	  || (*table = t = hash_initialize (0, 0, hash_string_hasher,
+ 					    hash_string_compare, 0)))
+-	 && (e = hash_insert (t, s))))
+	 && (e = hash_insert (t, string))))
+     xalloc_die ();
+ 
+-  if (e == s)
+  return (e == string);
+}
+
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+   copy of STRING to TABLE and return 1.  */
+bool
+hash_string_insert (Hash_table **table, char const *string)
+{
+  char *s = xstrdup (string);
+
+  if (hash_string_insert_direct (table, s))
+    return 1;
+  else
+    {
+      free (s);
+      return 0;
+    }
+}
+
+/* Return zero if TABLE contains a string which is a NULL-terminated
+   copy of DATA of given LENGTH; otherwise, insert a string which is a
+   NULL-terminated copy of DATA of given LENGTH to TABLE and return 1.  */
+static bool
+hash_string_insert_data (Hash_table **table, char const *data, size_t length)
+{
+  char *s = xmalloc (length + 1);
+  memcpy (s, data, length);
+  s[length] = '\0';
+
+  if (hash_string_insert_direct (table, s))
+     return 1;
+   else
+     {
+@@ -121,18 +149,16 @@ safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
+ 
+       if (prefix_len)
+ 	{
+-	  char *prefix = alloca (prefix_len + 1);
+-	  memcpy (prefix, file_name, prefix_len);
+-	  prefix[prefix_len] = '\0';
+-
+-	  if (hash_string_insert (&prefix_table[link_target], prefix))
+	  if (hash_string_insert_data (&prefix_table[link_target],
+				       file_name, prefix_len))
+ 	    {
+ 	      static char const *const diagnostic[] =
+ 	      {
+-		N_("Removing leading `%s' from member names"),
+-		N_("Removing leading `%s' from hard link targets")
+		N_("Removing leading `%.*s' from member names"),
+		N_("Removing leading `%.*s' from hard link targets")
+ 	      };
+-	      WARN ((0, 0, _(diagnostic[link_target]), prefix));
+	      WARN ((0, 0, _(diagnostic[link_target]),
+			   (unsigned)prefix_len, file_name));
+ 	    }
+ 	}
+     }
--- a/tar.changes
+++ b/tar.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 17 14:14:39 CEST 2007 - lmichnovic@suse.cz
+
+- upstream fix: use of alloca can cause stack overflow
+  (paxlib-owl-alloca.patch)
+
 -------------------------------------------------------------------
 Thu Jun 21 10:17:56 CEST 2007 - mkoenig@suse.de

--- a/tar.spec
+++ b/tar.spec
@ -13,19 +13,20 @@
 Name:           tar
 BuildRequires:  help2man
 URL:            http://www.gnu.org/software/tar/
-License:        GNU General Public License (GPL)
+License:        GPL v2 or later
 Group:          System/Base
 Provides:       base:/bin/tar
 PreReq:         %install_info_prereq
 Autoreqprov:    on
 Version:        1.17
-Release:        1
+Release:        11
 Summary:        GNU implementation of tar ((t)ape (ar)chiver)
 Source0:        %name-%version.tar.bz2
 Patch0:         tar-disable_languages.patch
 Patch1:         tar-disable-listed02-test.diff
 Patch2:         tar-manpage.patch
 Patch3:         tar-1.17-testsuite12.patch	
+Patch4:         tar-1.17-paxlib-owl-alloca.patch	
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define _bindir  /bin

@ -65,6 +66,7 @@ Authors:
 %patch1 -p1
 %patch2 -p1
 %patch3
+%patch4

 %build
 rm -f po/no.* po/ky.*
@ -106,6 +108,9 @@ rm -r %buildroot/usr/libexec
 rm -rf $RPM_BUILD_ROOT

 %changelog
+* Fri Aug 17 2007 - lmichnovic@suse.cz
+- upstream fix: use of alloca can cause stack overflow
+  (paxlib-owl-alloca.patch)
 * Thu Jun 21 2007 - mkoenig@suse.de
 - update to version 1.17:
  * Fix archivation of sparse files in posix mode