Diffstat (limited to 'gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch')
-rw-r--r--gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch105
1 files changed, 105 insertions, 0 deletions
diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch
new file mode 100644
index 0000000000..fa2e8530b2
--- /dev/null
+++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch
@@ -0,0 +1,105 @@
+Partially fix CVE-2014-9112, part 4/5. Backported to 2.11.
+
+From fd262d116c4564c1796be9be2799619cf7785d07 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org.ua>
+Date: Thu, 11 Dec 2014 10:51:21 +0000
+Subject: Fix error recovery in copy-in mode
+
+* src/copyin.c (copyin_link): Fix null dereference.
+(read_in_header): Fix error recovery (bug introduced by
+27e0ae55).
+* tests/symlink-bad-length.at: Test error recovery.
+Catch various architecture-dependent error messages (suggested
+by Pavel Raiskup).
+---
+diff --git a/src/copyin.c b/src/copyin.c
+index 264bfcb..ca12356 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -655,7 +655,7 @@ copyin_device (struct cpio_file_stat* file_hdr)
+ }
+
+ static void
+-copyin_link(struct cpio_file_stat *file_hdr, int in_file_des)
++copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
+ {
+ char *link_name = NULL; /* Name of hard and symbolic links. */
+ int res; /* Result of various function calls. */
+@@ -666,6 +666,8 @@ copyin_link(struct cpio_file_stat *file_
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ {
+ link_name = get_link_name (file_hdr, in_file_des);
++ if (!link_name)
++ return;
+ }
+ else
+ {
+@@ -1017,7 +1019,7 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
+
+ file_hdr->c_tar_linkname = NULL;
+
+- tape_buffered_read (magic.str, in_des, 6L);
++ tape_buffered_read (magic.str, in_des, sizeof (magic.str));
+ while (1)
+ {
+ if (append_flag)
+@@ -1062,8 +1064,8 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
+ break;
+ }
+ bytes_skipped++;
+- memmove (magic.str, magic.str + 1, 5);
+- tape_buffered_read (magic.str, in_des, 1L);
++ memmove (magic.str, magic.str + 1, sizeof (magic.str) - 1);
++ tape_buffered_read (magic.str + sizeof (magic.str) - 1, in_des, 1L);
+ }
+ }
+
+diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
+index cbf4aa7..4dbeaa3 100644
+--- a/tests/symlink-bad-length.at
++++ b/tests/symlink-bad-length.at
+@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length])
+ AT_KEYWORDS([symlink-long copyout])
+
+ AT_DATA([ARCHIVE.base64],
+-[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
+-JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
+-UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk
++AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA
++c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+@@ -37,13 +37,23 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+
+ AT_CHECK([
+ base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
+-cpio -ntv < ARCHIVE
+-test $? -eq 2
++TZ=UTC cpio -ntv < ARCHIVE 2>stderr
++rc=$?
++cat stderr | grep -v \
++ -e 'stored filename length is out of range' \
++ -e 'premature end of file' \
++ -e 'archive header has reverse byte-order' \
++ -e 'memory exhausted' \
++ >&2
++echo >&2 STDERR
++test "$rc" -ne 0
+ ],
+-[0],
+-[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE
+-],[cpio: LINK: stored filename length is out of range
+-cpio: premature end of file
++[1],
++[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE
++-rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2
++],[cpio: warning: skipped 4 bytes of junk
++1 block
++STDERR
+ ])
+
+ AT_CLEANUP
+--
+cgit v0.9.0.2
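Review bot: The rewritten check in tests/symlink-bad-length.at ends with `test "$rc" -ne 0` yet expects status `[1]`, so as written it passes only when cpio itself exits 0 after skipping the bad-length symlink entry, the opposite of what the last command suggests at first read. Because this is a backport, I would leave the upstream test untouched and instead extend the free-text header of the patch with a line such as `Note: the updated test expects cpio to recover and exit 0; the malformed entry is only reported on stderr.` A consequence for anyone scripting around cpio is that the exit status alone apparently does not reveal a malformed entry in this listing mode, so stderr has to be inspected as well. The header also marks this as a partial fix (part 4/5), and this part edits a test file that already exists at index cbf4aa7, so it presumably relies on an earlier part being applied first; the package definition that orders the patches is not visible here.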