diff options
| author | Mark H Weaver <mhw@netris.org> | 2015-01-06 12:57:15 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2015-01-06 12:57:15 -0500 |
| commit | 23800e47361304682914314b99cfd4f3926f28e3 (patch) | |
| tree | e67d984ab5961a81c8b8c6396c79cb218fecda85 /gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch | |
| parent | 9b1bf33081652210502c6ef34506e27a9bc60f06 (diff) | |
| parent | aebb05b09502be00fb121f9c6cd74a190fb12a1c (diff) | |
| download | guix-23800e47361304682914314b99cfd4f3926f28e3.tar guix-23800e47361304682914314b99cfd4f3926f28e3.tar.gz | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch')
| -rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch new file mode 100644 index 0000000000..77c531cb54 --- /dev/null +++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch @@ -0,0 +1,51 @@ +Partially fix CVE-2014-9112, part 2/5. + +From 54d1c42ac2cb91389fca04a5018ad573e4ae265a Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org.ua> +Date: Mon, 01 Dec 2014 19:10:39 +0000 +Subject: Bugfix + +* src/copyin.c (get_link_name): Fix range checking. +* tests/symlink-bad-length.at: Change expected error message. +--- +diff --git a/src/copyin.c b/src/copyin.c +index c502c7d..042cc41 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -128,17 +128,17 @@ tape_skip_padding (int in_file_des, off_t offset) + static char * + get_link_name (struct cpio_file_stat *file_hdr, int in_file_des) + { +- off_t n = file_hdr->c_filesize + 1; + char *link_name; + +- if (n == 0 || n > SIZE_MAX) ++ if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1) + { +- error (0, 0, _("%s: stored filename length too big"), file_hdr->c_name); ++ error (0, 0, _("%s: stored filename length is out of range"), ++ file_hdr->c_name); + link_name = NULL; + } + else + { +- link_name = xmalloc (n); ++ link_name = xmalloc (file_hdr->c_filesize); + tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); + link_name[file_hdr->c_filesize] = '\0'; + tape_skip_padding (in_file_des, file_hdr->c_filesize); +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +index 6f804b1..cbf4aa7 100644 +--- a/tests/symlink-bad-length.at ++++ b/tests/symlink-bad-length.at +@@ -42,7 +42,7 @@ test $? -eq 2 + ], + [0], + [-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE +-],[cpio: LINK: stored filename length too big ++],[cpio: LINK: stored filename length is out of range + cpio: premature end of file + ]) + +-- +cgit v0.9.0.2 |