[Frugalware-darcs] frugalware-0.6: libarchive-1.3.1-3terminus1-i686

VMiklos vmiklos at frugalware.org
Sun Jul 29 17:29:53 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070729152902-e2957-6406c0bb808d1a883b1667635ccaf24ad9ed2618.gz;

[libarchive-1.3.1-3terminus1-i686
VMiklos <vmiklos at frugalware.org>**20070729152902
 added SA-0705_libarchive.patch
 closes #2258
] {
hunk ./source/lib/libarchive/FrugalBuild 6
-pkgrel=2
+pkgrel=3terminus1
hunk ./source/lib/libarchive/FrugalBuild 14
-	http://security.freebsd.org/patches/SA-06:24/libarchive.patch)
+	http://security.freebsd.org/patches/SA-06:24/libarchive.patch \
+	SA-0705_libarchive.patch)
hunk ./source/lib/libarchive/FrugalBuild 18
-	  '324ecb963224875909e3d407574e311d39d919f4')
+          '324ecb963224875909e3d407574e311d39d919f4' \
+          'f9f1e0b6aeaa6a0531d97601d5fe39729a2e66d3')
addfile ./source/lib/libarchive/SA-0705_libarchive.patch
hunk ./source/lib/libarchive/SA-0705_libarchive.patch 1
+From: http://security.FreeBSD.org/patches/SA-07:05/libarchive.patch
+
+Index: lib/libarchive/archive_read_support_format_tar.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libarchive/archive_read_support_format_tar.c,v
+retrieving revision 1.32.2.2
+diff -u -I__FBSDID -I$FreeBSD -r1.32.2.2 archive_read_support_format_tar.c
+--- lib/libarchive/archive_read_support_format_tar.c	5 Sep 2006 05:23:51 -0000	1.32.2.2
++++ lib/libarchive/archive_read_support_format_tar.c	10 Jul 2007 09:10:24 -0000
+@@ -670,7 +670,13 @@
+ 		}
+ 	}
+ 	--tar->header_recursion_depth;
+-	return (err);
++	/* We return warnings or success as-is.  Anything else is fatal. */
++	if (err == ARCHIVE_WARN || err == ARCHIVE_OK)
++		return (err);
++	if (err == ARCHIVE_EOF)
++		/* EOF when recursively reading a header is bad. */
++		archive_set_error(a, EINVAL, "Damaged tar archive");
++	return (ARCHIVE_FATAL);
+ }
+ 
+ /*
+@@ -741,32 +747,55 @@
+ header_Solaris_ACL(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
+-	char *p;
++	const struct archive_entry_header_ustar *header;
++	size_t size;
++	int err;
++	char *acl, *p;
+ 	wchar_t *wp;
+ 
++	/*
++	 * read_body_to_string adds a NUL terminator, but we need a little
++	 * more to make sure that we don't overrun acl_text later.
++	 */
++	header = (const struct archive_entry_header_ustar *)h;
++	size = tar_atol(header->size, sizeof(header->size));
+ 	err = read_body_to_string(a, tar, &(tar->acl_text), h);
+-	err2 = tar_read_header(a, tar, entry, st);
+-	err = err_combine(err, err2);
+-
+-	/* XXX Ensure p doesn't overrun acl_text */
++	if (err != ARCHIVE_OK)
++		return (err);
++	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
+ 
+ 	/* Skip leading octal number. */
+ 	/* XXX TODO: Parse the octal number and sanity-check it. */
+-	p = tar->acl_text.s;
+-	while (*p != '\0')
++	p = acl = tar->acl_text.s;
++	while (*p != '\0' && p < acl + size)
+ 		p++;
+ 	p++;
+ 
+-	wp = malloc((strlen(p) + 1) * sizeof(wchar_t));
+-	if (wp != NULL) {
+-		utf8_decode(wp, p, strlen(p));
+-		err2 = __archive_entry_acl_parse_w(entry, wp,
+-		    ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
+-		err = err_combine(err, err2);
+-		free(wp);
++	if (p >= acl + size) {
++		archive_set_error(a, ARCHIVE_ERRNO_MISC,
++		    "Malformed Solaris ACL attribute");
++		return(ARCHIVE_WARN);
+ 	}
+ 
++	/* Skip leading octal number. */
++	size -= (p - acl);
++	acl = p;
++
++	while (*p != '\0' && p < acl + size)
++		p++;
++
++	wp = malloc((p - acl + 1) * sizeof(wchar_t));
++	if (wp == NULL) {
++		archive_set_error(a, ENOMEM,
++		    "Can't allocate work buffer for ACL parsing");
++		return (ARCHIVE_FATAL);
++	}
++	utf8_decode(wp, acl, p - acl);
++	err = __archive_entry_acl_parse_w(entry, wp,
++	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
++	free(wp);
+ 	return (err);
+ }
+ 
+@@ -777,15 +806,17 @@
+ header_longlink(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
++	int err;
+ 
+ 	err = read_body_to_string(a, tar, &(tar->longlink), h);
+-	err2 = tar_read_header(a, tar, entry, st);
+-	if (err == ARCHIVE_OK && err2 == ARCHIVE_OK) {
+-		/* Set symlink if symlink already set, else hardlink. */
+-		archive_entry_set_link(entry, tar->longlink.s);
+-	}
+-	return (err_combine(err, err2));
++	if (err != ARCHIVE_OK)
++		return (err);
++	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
++	/* Set symlink if symlink already set, else hardlink. */
++	archive_entry_set_link(entry, tar->longlink.s);
++	return (ARCHIVE_OK);
+ }
+ 
+ /*
+@@ -795,14 +826,17 @@
+ header_longname(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
++	int err;
+ 
+ 	err = read_body_to_string(a, tar, &(tar->longname), h);
++	if (err != ARCHIVE_OK)
++		return (err);
+ 	/* Read and parse "real" header, then override name. */
+-	err2 = tar_read_header(a, tar, entry, st);
+-	if (err == ARCHIVE_OK && err2 == ARCHIVE_OK)
+-		archive_entry_set_pathname(entry, tar->longname.s);
+-	return (err_combine(err, err2));
++	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
++	archive_entry_set_pathname(entry, tar->longname.s);
++	return (ARCHIVE_OK);
+ }
+ 
+ 
+@@ -836,12 +870,20 @@
+ 	header = h;
+ 	size  = tar_atol(header->size, sizeof(header->size));
+ 
++	/* Sanity check. */
++	if ((size > 1048576) || (size < 0)) {
++		archive_set_error(a, EINVAL, "Special header too large");
++		return (ARCHIVE_FATAL);
++	}
++
+ 	/* Read the body into the string. */
+ 	archive_string_ensure(as, size+1);
+ 	padded_size = (size + 511) & ~ 511;
+ 	dest = as->s;
+ 	while (padded_size > 0) {
+ 		bytes_read = (a->compression_read_ahead)(a, &src, padded_size);
++		if (bytes_read == 0)
++			return (ARCHIVE_EOF);
+ 		if (bytes_read < 0)
+ 			return (ARCHIVE_FATAL);
+ 		if (bytes_read > padded_size)
+@@ -1027,11 +1069,13 @@
+ header_pax_global(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
++	int err;
+ 
+ 	err = read_body_to_string(a, tar, &(tar->pax_global), h);
+-	err2 = tar_read_header(a, tar, entry, st);
+-	return (err_combine(err, err2));
++	if (err != ARCHIVE_OK)
++		return (err);
++	err = tar_read_header(a, tar, entry, st);
++	return (err);
+ }
+ 
+ static int
+@@ -1040,10 +1084,14 @@
+ {
+ 	int err, err2;
+ 
+-	read_body_to_string(a, tar, &(tar->pax_header), h);
++	err = read_body_to_string(a, tar, &(tar->pax_header), h);
++	if (err != ARCHIVE_OK)
++		return (err);
+ 
+ 	/* Parse the next header. */
+ 	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
+ 
+ 	/*
+ 	 * TODO: Parse global/default options into 'entry' struct here
+@@ -1141,8 +1189,11 @@
+ 				l--;
+ 				break;
+ 			}
+-			if (*p < '0' || *p > '9')
+-				return (-1);
++			if (*p < '0' || *p > '9') {
++				archive_set_error(a, ARCHIVE_ERRNO_MISC,
++				    "Ignoring malformed pax extended attributes");
++				return (ARCHIVE_WARN);
++			}
+ 			line_length *= 10;
+ 			line_length += *p - '0';
+ 			if (line_length > 999999) {
+@@ -1154,8 +1205,19 @@
+ 			l--;
+ 		}
+ 
+-		if (line_length > attr_length)
+-			return (0);
++		/*
++		 * Parsed length must be no bigger than available data,
++		 * at least 1, and the last character of the line must
++		 * be '\n'.
++		 */
++		if (line_length > attr_length
++		    || line_length < 1
++		    || attr[line_length - 1] != '\n')
++		{
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Ignoring malformed pax extended attribute");
++			return (ARCHIVE_WARN);
++		}
+ 
+ 		/* Ensure pax_entry buffer is big enough. */
+ 		if (tar->pax_entry_length <= line_length) {
}


More information about the Frugalware-darcs mailing list