rpms/cpio/devel cpio-2.9-safer_name_suffix.patch, NONE, 1.1 cpio.spec, 1.56, 1.57
Radek Brich (rbrich)
fedora-extras-commits at redhat.com
Fri Nov 2 13:24:56 UTC 2007
Author: rbrich
Update of /cvs/extras/rpms/cpio/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7736
Modified Files:
cpio.spec
Added Files:
cpio-2.9-safer_name_suffix.patch
Log Message:
CVE-2007-4476
cpio-2.9-safer_name_suffix.patch:
--- NEW FILE cpio-2.9-safer_name_suffix.patch ---
diff -up tar-1.17/lib/paxnames.c.safer_name_suffix tar-1.17/lib/paxnames.c
--- tar-1.17/lib/paxnames.c.safer_name_suffix 2005-05-22 00:55:55.000000000 +0200
+++ tar-1.17/lib/paxnames.c 2007-10-22 17:32:54.000000000 +0200
@@ -36,15 +36,27 @@ hash_string_compare (void const *name1,
return strcmp (name1, name2) == 0;
}
-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
- copy of STRING to TABLE and return 1. */
-bool
-hash_string_insert (Hash_table **table, char const *string)
+/* Return zero if TABLE contains a LEN-character long prefix of STRING,
+ otherwise, insert a newly allocated copy of this prefix to TABLE and
+ return 1. If RETURN_PREFIX is not NULL, point it to the allocated
+ copy. */
+static bool
+hash_string_insert_prefix (Hash_table **table, char const *string, size_t len,
+ const char **return_prefix)
{
Hash_table *t = *table;
- char *s = xstrdup (string);
+ char *s;
char *e;
+ if (len)
+ {
+ s = xmalloc (len + 1);
+ memcpy (s, string, len);
+ s[len] = 0;
+ }
+ else
+ s = xstrdup (string);
+
if (! ((t
|| (*table = t = hash_initialize (0, 0, hash_string_hasher,
hash_string_compare, 0)))
@@ -52,7 +64,11 @@ hash_string_insert (Hash_table **table,
xalloc_die ();
if (e == s)
- return 1;
+ {
+ if (return_prefix)
+ *return_prefix = s;
+ return 1;
+ }
else
{
free (s);
@@ -60,6 +76,14 @@ hash_string_insert (Hash_table **table,
}
}
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+ copy of STRING to TABLE and return 1. */
+bool
+hash_string_insert (Hash_table **table, char const *string)
+{
+ return hash_string_insert_prefix (table, string, 0, NULL);
+}
+
/* Return 1 if TABLE contains STRING. */
bool
hash_string_lookup (Hash_table const *table, char const *string)
@@ -88,7 +112,8 @@ removed_prefixes_p (void)
If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */
char *
-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
+safer_name_suffix (char const *file_name, bool link_target,
+ bool absolute_names)
{
char const *p;
@@ -121,11 +146,9 @@ safer_name_suffix (char const *file_name
if (prefix_len)
{
- char *prefix = alloca (prefix_len + 1);
- memcpy (prefix, file_name, prefix_len);
- prefix[prefix_len] = '\0';
-
- if (hash_string_insert (&prefix_table[link_target], prefix))
+ const char *prefix;
+ if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
+ prefix_len, &prefix))
{
static char const *const diagnostic[] =
{
Index: cpio.spec
===================================================================
RCS file: /cvs/extras/rpms/cpio/devel/cpio.spec,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- cpio.spec 4 Sep 2007 09:29:03 -0000 1.56
+++ cpio.spec 2 Nov 2007 13:24:23 -0000 1.57
@@ -3,7 +3,7 @@
Summary: A GNU archiving program
Name: cpio
Version: 2.9
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv3+
Group: Applications/Archiving
URL: http://www.gnu.org/software/cpio/
@@ -13,6 +13,7 @@
Patch2: cpio-2.9-rh.patch
Patch3: cpio-2.9-chmodRaceC.patch
Patch4: cpio-2.9-exitCode.patch
+Patch5: cpio-2.9-safer_name_suffix.patch
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
BuildRequires: texinfo, autoconf, gettext
@@ -38,6 +39,7 @@
%patch2 -p1 -b .rh
%patch3 -p1 -b .chmodRaceC
%patch4 -p1 -b .exitCode
+%patch5 -p1 -b .safer_name_suffix
autoheader
@@ -78,6 +80,9 @@
%{_infodir}/*.info*
%changelog
+* Thu Nov 01 2007 Radek Brich <rbrich at redhat.com> 2.9-5
+- upstream patch for CVE-2007-4476 (stack crashing in safer_name_suffix)
+
* Tue Sep 04 2007 Radek Brich <rbrich at redhat.com> 2.9-4
- Updated license tag
More information about the fedora-extras-commits
mailing list