void-packages/srcpkgs/cpio/patches/0001-Fix-out-of-bounds-read...

72 lines
1.9 KiB
Diff

From d9723286ea5c32645f36baf83a7860bad46fec36 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org.ua>
Date: Thu, 10 Nov 2016 12:48:19 +0200
Subject: [PATCH 1/4] Fix out-of-bounds read
* src/copyin.c (process_copy_in): Skip records with zero filename length.
---
src/copyin.c | 41 +++++++++++++++++++++++------------------
1 file changed, 23 insertions(+), 18 deletions(-)
diff --git src/copyin.c src/copyin.c
index cde911e..05279d2 100644
--- src/copyin.c
+++ src/copyin.c
@@ -1378,30 +1378,35 @@ process_copy_in ()
}
#endif
- /* Is this the header for the TRAILER file? */
- if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
+ if (file_hdr.c_namesize == 0)
+ skip_file = true;
+ else
{
- done = true;
- break;
- }
+ /* Is this the header for the TRAILER file? */
+ if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
+ {
+ done = true;
+ break;
+ }
- cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
- false);
+ cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
+ false);
- /* Does the file name match one of the given patterns? */
- if (num_patterns <= 0)
- skip_file = false;
- else
- {
- skip_file = copy_matching_files;
- for (i = 0; i < num_patterns
- && skip_file == copy_matching_files; i++)
+ /* Does the file name match one of the given patterns? */
+ if (num_patterns <= 0)
+ skip_file = false;
+ else
{
- if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)
- skip_file = !copy_matching_files;
+ skip_file = copy_matching_files;
+ for (i = 0; i < num_patterns
+ && skip_file == copy_matching_files; i++)
+ {
+ if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)
+ skip_file = !copy_matching_files;
+ }
}
}
-
+
if (skip_file)
{
/* If we're skipping a file with links, there might be other
--
2.20.1