diff --git a/tar-1.17-paxlib-owl-alloca.patch b/tar-1.17-paxlib-owl-alloca.patch index 4bdaff8..cc86091 100644 --- a/tar-1.17-paxlib-owl-alloca.patch +++ b/tar-1.17-paxlib-owl-alloca.patch @@ -1,16 +1,20 @@ +Patch from Sergey Poznyakoff for cpio +based on patch: 2007-08-15 Dmitry V. Levin - Do not use alloca to avoid stack overflow with untrusted input. + Do not use alloca to avoid stack overflow with untrusted input. - * lib/paxnames.c (hash_string_insert_direct): New function. - (hash_string_insert): Use it. - (hash_string_insert_data): New function. - (safer_name_suffix): Use it instead of hash_string_insert() - and alloca(). + * lib/paxnames.c (hash_string_insert_direct): New function. + (hash_string_insert): Use it. + (hash_string_insert_data): New function. + (safer_name_suffix): Use it instead of hash_string_insert() + and alloca(). ---- lib/paxnames.c +Index: lib/paxnames.c +=================================================================== +--- lib/paxnames.c.orig +++ lib/paxnames.c -@@ -36,22 +36,50 @@ +@@ -36,15 +36,27 @@ hash_string_compare (void const *name1, return strcmp (name1, name2) == 0; } @@ -18,57 +22,70 @@ - copy of STRING to TABLE and return 1. */ -bool -hash_string_insert (Hash_table **table, char const *string) -+/* Return zero if TABLE contains given STRING; otherwise, insert -+ given STRING to TABLE and return 1. */ ++/* Return zero if TABLE contains a LEN-character long prefix of STRING, ++ otherwise, insert a newly allocated copy of this prefix to TABLE and ++ return 1. If RETURN_PREFIX is not NULL, point it to the allocated ++ copy. */ +static bool -+hash_string_insert_direct (Hash_table **table, char const *string) ++hash_string_insert_prefix (Hash_table **table, char const *string, size_t len, ++ const char **return_prefix) { Hash_table *t = *table; - char *s = xstrdup (string); ++ char *s; char *e; ++ if (len) ++ { ++ s = xmalloc (len + 1); ++ memcpy (s, string, len); ++ s[len] = 0; ++ } ++ else ++ s = xstrdup (string); ++ if (! ((t || (*table = t = hash_initialize (0, 0, hash_string_hasher, hash_string_compare, 0))) -- && (e = hash_insert (t, s)))) -+ && (e = hash_insert (t, string)))) +@@ -52,7 +64,11 @@ hash_string_insert (Hash_table **table, xalloc_die (); -- if (e == s) -+ return (e == string); -+} -+ + if (e == s) +- return 1; ++ { ++ if (return_prefix) ++ *return_prefix = s; ++ return 1; ++ } + else + { + free (s); +@@ -60,6 +76,14 @@ hash_string_insert (Hash_table **table, + } + } + +/* Return zero if TABLE contains a copy of STRING; otherwise, insert a + copy of STRING to TABLE and return 1. */ +bool +hash_string_insert (Hash_table **table, char const *string) +{ -+ char *s = xstrdup (string); -+ -+ if (hash_string_insert_direct (table, s)) -+ return 1; -+ else -+ { -+ free (s); -+ return 0; -+ } ++ return hash_string_insert_prefix (table, string, 0, NULL); +} + -+/* Return zero if TABLE contains a string which is a NULL-terminated -+ copy of DATA of given LENGTH; otherwise, insert a string which is a -+ NULL-terminated copy of DATA of given LENGTH to TABLE and return 1. */ -+static bool -+hash_string_insert_data (Hash_table **table, char const *data, size_t length) -+{ -+ char *s = xmalloc (length + 1); -+ memcpy (s, data, length); -+ s[length] = '\0'; -+ -+ if (hash_string_insert_direct (table, s)) - return 1; - else - { -@@ -121,18 +149,16 @@ safer_name_suffix (char const *file_name, bool link_target, bool absolute_names) + /* Return 1 if TABLE contains STRING. */ + bool + hash_string_lookup (Hash_table const *table, char const *string) +@@ -88,7 +112,8 @@ removed_prefixes_p (void) + If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */ + + char * +-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names) ++safer_name_suffix (char const *file_name, bool link_target, ++ bool absolute_names) + { + char const *p; + +@@ -121,11 +146,9 @@ safer_name_suffix (char const *file_name if (prefix_len) { @@ -77,19 +94,9 @@ - prefix[prefix_len] = '\0'; - - if (hash_string_insert (&prefix_table[link_target], prefix)) -+ if (hash_string_insert_data (&prefix_table[link_target], -+ file_name, prefix_len)) ++ const char *prefix; ++ if (hash_string_insert_prefix (&prefix_table[link_target], file_name, ++ prefix_len, &prefix)) { static char const *const diagnostic[] = { -- N_("Removing leading `%s' from member names"), -- N_("Removing leading `%s' from hard link targets") -+ N_("Removing leading `%.*s' from member names"), -+ N_("Removing leading `%.*s' from hard link targets") - }; -- WARN ((0, 0, _(diagnostic[link_target]), prefix)); -+ WARN ((0, 0, _(diagnostic[link_target]), -+ (unsigned)prefix_len, file_name)); - } - } - } diff --git a/tar.changes b/tar.changes index 3b856c0..b4239b9 100644 --- a/tar.changes +++ b/tar.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de + +- use correct patch for paxlib stack overflow [#301416] + ------------------------------------------------------------------- Fri Aug 17 14:14:39 CEST 2007 - lmichnovic@suse.cz diff --git a/tar.spec b/tar.spec index 84fb17d..ceef2d9 100644 --- a/tar.spec +++ b/tar.spec @@ -19,7 +19,7 @@ Provides: base:/bin/tar PreReq: %install_info_prereq Autoreqprov: on Version: 1.17 -Release: 11 +Release: 13 Summary: GNU implementation of tar ((t)ape (ar)chiver) Source0: %name-%version.tar.bz2 Patch0: tar-disable_languages.patch @@ -108,6 +108,8 @@ rm -r %buildroot/usr/libexec rm -rf $RPM_BUILD_ROOT %changelog +* Mon Aug 20 2007 - mkoenig@suse.de +- use correct patch for paxlib stack overflow [#301416] * Fri Aug 17 2007 - lmichnovic@suse.cz - upstream fix: use of alloca can cause stack overflow (paxlib-owl-alloca.patch)