authorMark H Weaver <mhw@netris.org>2014-12-30 14:13:20 -0500
committerMark H Weaver <mhw@netris.org>2014-12-30 14:48:13 -0500
commitc7bdc7ece5650be75314dc302f3cdcf02806857b (patch)
treea9e7d038daf6e113e79d50255c0143c3719a4cbb /gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch
parent1c69e4ce3f33242ee8d209b8078fc78a73355446 (diff)
gnu: cpio: Add fixes for CVE-2014-9112.
* gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/cpio.scm (cpio): Add patches. Add 'autoconf' to native-inputs.
Diffstat (limited to 'gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch')
-rw-r--r--gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch51
1 files changed, 51 insertions, 0 deletions
diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch
new file mode 100644
index 0000000000..77c531cb54
--- /dev/null
+++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch
@@ -0,0 +1,51 @@
+Partially fix CVE-2014-9112, part 2/5.
+
+From 54d1c42ac2cb91389fca04a5018ad573e4ae265a Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org.ua>
+Date: Mon, 01 Dec 2014 19:10:39 +0000
+Subject: Bugfix
+
+* src/copyin.c (get_link_name): Fix range checking.
+* tests/symlink-bad-length.at: Change expected error message.
+---
+diff --git a/src/copyin.c b/src/copyin.c
+index c502c7d..042cc41 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -128,17 +128,17 @@ tape_skip_padding (int in_file_des, off_t offset)
+ static char *
+ get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
+ {
+- off_t n = file_hdr->c_filesize + 1;
+ char *link_name;
+
+- if (n == 0 || n > SIZE_MAX)
++ if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1)
+ {
+- error (0, 0, _("%s: stored filename length too big"), file_hdr->c_name);
++ error (0, 0, _("%s: stored filename length is out of range"),
++ file_hdr->c_name);
+ link_name = NULL;
+ }
+ else
+ {
+- link_name = xmalloc (n);
++ link_name = xmalloc (file_hdr->c_filesize);
+ tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
+ link_name[file_hdr->c_filesize] = '\0';
+ tape_skip_padding (in_file_des, file_hdr->c_filesize);
+diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
+index 6f804b1..cbf4aa7 100644
+--- a/tests/symlink-bad-length.at
++++ b/tests/symlink-bad-length.at
+@@ -42,7 +42,7 @@ test $? -eq 2
+ ],
+ [0],
+ [-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE
+-],[cpio: LINK: stored filename length too big
++],[cpio: LINK: stored filename length is out of range
+ cpio: premature end of file
+ ])
+
+--
+cgit v0.9.0.2
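Review bot: In the embedded src/copyin.c hunk, the new `link_name = xmalloc (file_hdr->c_filesize);` allocates exactly c_filesize bytes, yet the unchanged line two below still stores the terminator at `link_name[file_hdr->c_filesize]`, one byte past the end of the buffer. Because c_filesize is read from the archive header, this is an out-of-bounds heap write for every symlink entry that passes the range check; the allocation should be `link_name = xmalloc (file_hdr->c_filesize + 1);`, which the new `> SIZE_MAX-1` bound already keeps from wrapping. This file is part 2/5 and a later part may carry that correction, but the other parts are not visible here, so it is worth confirming that and stating in the patch header that this part must not be applied on its own. The body of get_link_name continues past the end of the embedded hunk.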