rpms/tar/FC-6 tar-1.15.1-safer_name_suffix.patch, NONE, 1.1 tar.spec, 1.56, 1.57
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Oct 24 13:06:31 UTC 2007
Author: rbrich
Update of /cvs/dist/rpms/tar/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv29023
Modified Files:
tar.spec
Added Files:
tar-1.15.1-safer_name_suffix.patch
Log Message:
CVE-2007-4476
tar-1.15.1-safer_name_suffix.patch:
names.c | 42 ++++++++++++++++++++++++++++++++----------
1 files changed, 32 insertions(+), 10 deletions(-)
--- NEW FILE tar-1.15.1-safer_name_suffix.patch ---
diff -up tar-1.15.1/src/names.c.safer_name_suffix tar-1.15.1/src/names.c
--- tar-1.15.1/src/names.c.safer_name_suffix 2007-10-22 16:21:20.000000000 +0200
+++ tar-1.15.1/src/names.c 2007-10-22 16:23:45.000000000 +0200
@@ -958,15 +958,27 @@ hash_string_compare (void const *name1,
return strcmp (name1, name2) == 0;
}
-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
- copy of STRING to TABLE and return 1. */
+/* Return zero if TABLE contains a LEN-character long prefix of STRING,
+ otherwise, insert a newly allocated copy of this prefix to TABLE and
+ return 1. If RETURN_PREFIX is not NULL, point it to the allocated
+ copy. */
static bool
-hash_string_insert (Hash_table **table, char const *string)
+hash_string_insert_prefix (Hash_table **table, char const *string, size_t len,
+ const char **return_prefix)
{
Hash_table *t = *table;
- char *s = xstrdup (string);
+ char *s;
char *e;
+ if (len)
+ {
+ s = xmalloc (len + 1);
+ memcpy (s, string, len);
+ s[len] = 0;
+ }
+ else
+ s = xstrdup (string);
+
if (! ((t
|| (*table = t = hash_initialize (0, 0, hash_string_hasher,
hash_string_compare, 0)))
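Review bot: The new header comment on `hash_string_insert_prefix` does not say that a LEN of zero takes the `xstrdup (string)` branch and inserts the whole of STRING, which is the behaviour the `hash_string_insert` wrapper relies on. It also leaves unstated that `memcpy (s, string, len)` trusts LEN to be no larger than the length of STRING. RETURN_PREFIX is written only on the path that returns 1, and the pointer it receives appears to be the copy now held by the table. I would extend the comment with `If LEN is zero, use the whole of STRING; LEN must not exceed strlen (STRING).` and `RETURN_PREFIX is set only when 1 is returned; the caller must not free it.` The function body continues past the end of this hunk.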
@@ -974,7 +986,11 @@ hash_string_insert (Hash_table **table,
xalloc_die ();
if (e == s)
- return 1;
+ {
+ if (return_prefix)
+ *return_prefix = s;
+ return 1;
+ }
else
{
free (s);
@@ -982,6 +998,14 @@ hash_string_insert (Hash_table **table,
}
}
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+ copy of STRING to TABLE and return 1. */
+bool
+hash_string_insert (Hash_table **table, char const *string)
+{
+ return hash_string_insert_prefix (table, string, 0, NULL);
+}
+
/* Return 1 if TABLE contains STRING. */
static bool
hash_string_lookup (Hash_table const *table, char const *string)
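Review bot: The rewritten `hash_string_insert` wrapper is declared plain `bool`, while the function it replaces was `static bool`, so the symbol gains external linkage. Nothing visible in this patch shows a caller outside names.c or a prototype added to a header. If there is none, keep the wrapper file-local with `static bool`. If the export is intended, a matching declaration in the shared header should accompany it so other translation units do not rely on an implicit declaration.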
@@ -1082,11 +1106,9 @@ safer_name_suffix (char const *file_name
if (prefix_len)
{
- char *prefix = alloca (prefix_len + 1);
- memcpy (prefix, file_name, prefix_len);
- prefix[prefix_len] = '\0';
-
- if (hash_string_insert (&prefix_table[link_target], prefix))
+ const char *prefix;
+ if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
+ prefix_len, &prefix))
{
static char const *const diagnostic[] =
{
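Review bot: `const char *prefix;` is declared without an initialiser and is assigned only when `hash_string_insert_prefix` returns 1, so any later use outside that branch would read an indeterminate pointer. Writing `const char *prefix = NULL;` makes such a mistake fail visibly. A short comment would also record why the `alloca` was removed, for example `/* Heap copy owned by prefix_table: file_name may come from an archive member, so its length must not size a stack allocation. */`. The enclosing block continues beyond this hunk.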
Index: tar.spec
===================================================================
RCS file: /cvs/dist/rpms/tar/FC-6/tar.spec,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- tar.spec 29 Aug 2007 09:01:25 -0000 1.56
+++ tar.spec 24 Oct 2007 13:06:28 -0000 1.57
@@ -2,7 +2,7 @@
Name: tar
Epoch: 2
Version: 1.15.1
-Release: 26%{?dist}
+Release: 27%{?dist}
License: GPL
Group: Applications/Archiving
URL: http://www.gnu.org/software/tar/
@@ -27,6 +27,7 @@
Patch16: tar-1.15.1-mangling.patch
Patch17: tar-1.15.1-stdout.patch
Patch18: tar-1.15.1-dot_dot_vuln.patch
+Patch19: tar-1.15.1-safer_name_suffix.patch
Prereq: info
BuildRequires: autoconf automake gzip libacl-devel libselinux-devel
Buildroot: %{_tmppath}/%{name}-%{version}-root
@@ -63,6 +64,7 @@
%patch16 -p1 -b .mangling
%patch17 -p1 -b .stdout
%patch18 -p1 -b .dot_dot_vuln
+%patch19 -p1 -b .safer_name_suffix
automake
%build
@@ -120,6 +122,10 @@
%{_infodir}/tar.info*
%changelog
+* Wed Oct 24 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-27
+- backported upstream patch for CVE-2007-4476
+ (tar stack crashing in safer_name_suffix)
+
* Wed Aug 29 2007 Radek Brich <rbrich at redhat.com> 2:1.15.1-26
- Fix CVE-2007-4131 tar directory traversal vulnerability (#253685)