From 8f22a9b0cc845d169e5305912bee9428072937c4b71a14f6666f480fc7e24070 Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Fri, 12 Mar 2010 00:53:55 +0000
Subject: [PATCH] Accepting request 34548 from Base:System Copy from Base:System/tar based on submit request 34548 from user mseben
OBS-URL: https://build.opensuse.org/request/show/34548
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tar?expand=0&rev=21
---
 tar-heap_overflow_in_rtapelib.patch | 52 +++++++++++++++++++++++++++++
 tar.changes | 6 ++++
 tar.spec | 5 ++-
 3 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 tar-heap_overflow_in_rtapelib.patch
diff --git a/tar-heap_overflow_in_rtapelib.patch b/tar-heap_overflow_in_rtapelib.patch
new file mode 100644
index 0000000..41d0626
--- /dev/null
+++ b/tar-heap_overflow_in_rtapelib.patch
@@ -0,0 +1,52 @@
+From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff
+Date: Mon, 01 Mar 2010 08:49:03 +0000
+Subject: Bugfixes in rtapelib
+
+* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of
+their hardcoded values.
+* lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent
+potential overflow.
+---
+diff --git a/lib/rmt.h b/lib/rmt.h
+index 50f037c..2ce9dc5 100644
+--- a/lib/rmt.h
++++ b/lib/rmt.h
+@@ -61,7 +61,7 @@ extern bool force_local_option;
+
+ #define rmtcreat(dev_name, mode, command) \
+ (_remdev (dev_name) \
+- ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \
++ ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \
+ : creat (dev_name, mode))
+
+ #define rmtlstat(dev_name, muffer) \
+diff --git a/lib/rtapelib.c b/lib/rtapelib.c
+index 02ad1e7..cb645db 100644
+--- a/lib/rtapelib.c
++++ b/lib/rtapelib.c
+@@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length)
+
+ sprintf (command_buffer, "R%lu\n", (unsigned long) length);
+ if (do_command (handle, command_buffer) == -1
+- || (status = get_status (handle)) == SAFE_READ_ERROR)
++ || (status = get_status (handle)) == SAFE_READ_ERROR
++ || status > length)
+ return SAFE_READ_ERROR;
+
+ for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+@@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument)
+ || (status = get_status (handle), status == -1))
+ return -1;
+
++ if (status > sizeof (struct mtop))
++ {
++ errno = EOVERFLOW;
++ return -1;
++ }
++
+ for (; status > 0; status -= counter, argument += counter)
+ {
+ counter = safe_read (READ_SIDE (handle), argument, status);
+--
+cgit v0.8.2.1
diff --git a/tar.changes b/tar.changes
index 9ba0e4c..d22680c 100644
--- a/tar.changes
+++ b/tar.changes
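Review bot: In the third inner hunk (rmt_ioctl__, `@@ -709`) the new bound is `sizeof (struct mtop)`, but the bytes are read into `argument`, and the hunk does not show what object `argument` points to in this branch. If this is the status-fetch branch, where the caller presumably passes a `struct mtget`, the check should bound by the destination actually written, e.g. `if (status > sizeof (struct mtget))`; a bound tied to a different struct either rejects valid replies or still permits an overrun, depending on which is larger. The comparison also mixes `status` (tested against -1 just above, so apparently signed) with a `size_t`; that fails safe for negative values, and a short comment saying so would help the next reader. rmt_ioctl__ and rmt_read__ both start and end outside their hunks, so the declarations of `status` could not be checked here.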
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar 3 09:29:23 UTC 2010 - mseben@novell.com
+
+- added heap_overflow_in_rtapelib.patch fix possible heap overflow in
+ rtapelib.c (bnc#579475)
+
 -------------------------------------------------------------------
 Tue Feb 2 20:35:03 UTC 2010 - mseben@novell.com
 
diff --git a/tar.spec b/tar.spec
index 1b165aa..d60910c 100644
--- a/tar.spec
+++ b/tar.spec
@@ -27,7 +27,7 @@ Provides: base:/bin/tar
 PreReq: %install_info_prereq
 AutoReqProv: on
 Version: 1.22
-Release: 1
+Release: 2
 Summary: GNU implementation of tar ((t)ape (ar)chiver)
 Source0: %name-%version.tar.bz2
 #
@@ -36,6 +36,8 @@ Patch1: tar-disable-listed02-test.diff
 Patch2: tar-manpage.patch
 Patch3: tar-wildcards.patch
 Patch5: tar-1.22-fortifysourcessigabrt.patch
+#fix possible heap overflow in rtapelib.c bnc#579475 (fix already in upstream git)
+Patch6: tar-heap_overflow_in_rtapelib.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Recommends: xz
 Recommends: tar-lang = %version
@@ -89,6 +91,7 @@ Shell scripts for system backup/restore
 %patch2 -p1
 %patch3 -p1
 %patch5 -p1
+%patch6 -p1
 %build
 rm -f po/no.* po/ky.*