diff options
Diffstat (limited to 'gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch')
| -rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch | 105 |
1 files changed, 0 insertions, 105 deletions
diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch deleted file mode 100644 index fa2e8530b2..0000000000 --- a/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch +++ /dev/null @@ -1,105 +0,0 @@ -Partially fix CVE-2014-9112, part 4/5. Backported to 2.11. - -From fd262d116c4564c1796be9be2799619cf7785d07 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff <gray@gnu.org.ua> -Date: Thu, 11 Dec 2014 10:51:21 +0000 -Subject: Fix error recovery in copy-in mode - -* src/copyin.c (copyin_link): Fix null dereference. -(read_in_header): Fix error recovery (bug introduced by -27e0ae55). -* tests/symlink-bad-length.at: Test error recovery. -Catch various architecture-dependent error messages (suggested -by Pavel Raiskup). ---- -diff --git a/src/copyin.c b/src/copyin.c -index 264bfcb..ca12356 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -655,7 +655,7 @@ copyin_device (struct cpio_file_stat* file_hdr) - } - - static void --copyin_link(struct cpio_file_stat *file_hdr, int in_file_des) -+copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) - { - char *link_name = NULL; /* Name of hard and symbolic links. */ - int res; /* Result of various function calls. */ -@@ -666,6 +666,8 @@ copyin_link(struct cpio_file_stat *file_ - if (archive_format != arf_tar && archive_format != arf_ustar) - { - link_name = get_link_name (file_hdr, in_file_des); -+ if (!link_name) -+ return; - } - else - { -@@ -1017,7 +1019,7 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) - - file_hdr->c_tar_linkname = NULL; - -- tape_buffered_read (magic.str, in_des, 6L); -+ tape_buffered_read (magic.str, in_des, sizeof (magic.str)); - while (1) - { - if (append_flag) -@@ -1062,8 +1064,8 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) - break; - } - bytes_skipped++; -- memmove (magic.str, magic.str + 1, 5); -- tape_buffered_read (magic.str, in_des, 1L); -+ memmove (magic.str, magic.str + 1, sizeof (magic.str) - 1); -+ tape_buffered_read (magic.str + sizeof (magic.str) - 1, in_des, 1L); - } - } - -diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at -index cbf4aa7..4dbeaa3 100644 ---- a/tests/symlink-bad-length.at -+++ b/tests/symlink-bad-length.at -@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length]) - AT_KEYWORDS([symlink-long copyout]) - - AT_DATA([ARCHIVE.base64], --[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv --JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF --UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -+[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk -+AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA -+c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -@@ -37,13 +37,23 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= - - AT_CHECK([ - base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST --cpio -ntv < ARCHIVE --test $? -eq 2 -+TZ=UTC cpio -ntv < ARCHIVE 2>stderr -+rc=$? -+cat stderr | grep -v \ -+ -e 'stored filename length is out of range' \ -+ -e 'premature end of file' \ -+ -e 'archive header has reverse byte-order' \ -+ -e 'memory exhausted' \ -+ >&2 -+echo >&2 STDERR -+test "$rc" -ne 0 - ], --[0], --[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE --],[cpio: LINK: stored filename length is out of range --cpio: premature end of file -+[1], -+[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE -+-rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2 -+],[cpio: warning: skipped 4 bytes of junk -+1 block -+STDERR - ]) - - AT_CLEANUP --- -cgit v0.9.0.2 |