libarchive/contribs9/CVE-2011-1777.patch

Index: libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c
===================================================================
--- libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c
+++ libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c   2012-01-01 03:11:38.424123879 +0200
@@ -405,12 +405,12 @@
 static inline void cache_add_to_next_of_parent(struct iso9660 *iso9660,
                    struct file_info *file);
 static inline struct file_info *cache_get_entry(struct iso9660 *iso9660);
-static void    heap_add_entry(struct heap_queue *heap,
+static int     heap_add_entry(struct archive_read *a, struct heap_queue *heap,
                    struct file_info *file, uint64_t key);
 static struct file_info *heap_get_entry(struct heap_queue *heap);
 
-#define add_entry(iso9660, file)       \
-       heap_add_entry(&((iso9660)->pending_files), file, file->offset)
+#define add_entry(arch, iso9660, file) \
+       heap_add_entry(arch, &((iso9660)->pending_files), file, file->offset)
 #define next_entry(iso9660)            \
        heap_get_entry(&((iso9660)->pending_files))
 
@@ -967,10 +967,11 @@
                        child = parse_file_info(a, parent, p);
                        if (child == NULL)
                                return (ARCHIVE_FATAL);
-                       if (child->cl_offset)
-                               heap_add_entry(&(iso9660->cl_files),
-                                   child, child->cl_offset);
-                       else {
+                       if (child->cl_offset) {
+                               if (heap_add_entry(a, &(iso9660->cl_files),
+                                   child, child->cl_offset) != ARCHIVE_OK)
+                                       return (ARCHIVE_FATAL);
+                       } else {
                                if (child->multi_extent || multi != NULL) {
                                        struct content *con;
 
@@ -993,15 +994,19 @@
                                        con->next = NULL;
                                        *multi->contents.last = con;
                                        multi->contents.last = &(con->next);
-                                       if (multi == child)
-                                               add_entry(iso9660, child);
-                                       else {
+                                       if (multi == child) {
+                                               if (add_entry(a, iso9660, child)
+                                                   != ARCHIVE_OK)
+                                                       return (ARCHIVE_FATAL);
+                                       } else {
                                                multi->size += child->size;
                                                if (!child->multi_extent)
                                                        multi = NULL;
                                        }
                                } else
-                                       add_entry(iso9660, child);
+                                       if (add_entry(a, iso9660, child)
+                                           != ARCHIVE_OK)
+                                               return (ARCHIVE_FATAL);
                        }
                }
        }
@@ -1014,7 +1019,8 @@
 }
 
 static int
-relocate_dir(struct iso9660 *iso9660, struct file_info *file)
+relocate_dir(struct archive_read *a, struct iso9660 *iso9660,
+       struct file_info *file)
 {
        struct file_info *re;
 
@@ -1036,7 +1042,9 @@
                return (1);
        } else
                /* This case is wrong pattern. */
-               heap_add_entry(&(iso9660->re_dirs), re, re->offset);
+               if (heap_add_entry(a, &(iso9660->re_dirs), re, re->offset)
+                   != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
        return (0);
 }
 
@@ -1062,21 +1070,24 @@
                    (strcmp(file->name.s, "rr_moved") == 0 ||
                     strcmp(file->name.s, ".rr_moved") == 0)) {
                        iso9660->rr_moved = file;
-               } else if (file->re)
-                       heap_add_entry(&(iso9660->re_dirs), file,
-                           file->offset);
-               else
+               } else if (file->re) {
+                       if (heap_add_entry(a, &(iso9660->re_dirs), file,
+                           file->offset) != ARCHIVE_OK)
+                               return (ARCHIVE_FATAL);
+               } else
                        cache_add_entry(iso9660, file);
        }
        if (file != NULL)
-               add_entry(iso9660, file);
+               if (add_entry(a, iso9660, file) != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
 
        if (iso9660->rr_moved != NULL) {
                /*
                 * Relocate directory which rr_moved has.
                 */
                while ((file = heap_get_entry(&(iso9660->cl_files))) != NULL)
-                       relocate_dir(iso9660, file);
+                       if (relocate_dir(a, iso9660, file) != ARCHIVE_OK)
+                               return ARCHIVE_FATAL;
 
                /* If rr_moved directory still has children,
                 * Add rr_moved into pending_files to show
@@ -1192,7 +1203,8 @@
                        iso9660->seenJoliet = seenJoliet;
                }
                /* Store the root directory in the pending list. */
-               add_entry(iso9660, file);
+               if (add_entry(a, iso9660, file) != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
                if (iso9660->seenRockridge) {
                        a->archive.archive_format =
                            ARCHIVE_FORMAT_ISO9660_ROCKRIDGE;
@@ -2619,8 +2631,8 @@
        return (file);
 }
 
-static void
-heap_add_entry(struct heap_queue *heap, struct file_info *file, uint64_t key)
+static int
+heap_add_entry(struct archive_read *a, struct heap_queue *heap, struct file_info *file, uint64_t key)
 {
        uint64_t file_key, parent_key;
        int hole, parent;
@@ -2633,12 +2645,18 @@
                if (heap->allocated < 1024)
                        new_size = 1024;
                /* Overflow might keep us from growing the list. */
-               if (new_size <= heap->allocated)
-                       __archive_errx(1, "Out of memory");
+               if (new_size <= heap->allocated) {
+                       archive_set_error(&a->archive,
+                           ENOMEM, "Out of memory");
+                       return (ARCHIVE_FATAL);
+               }
                new_pending_files = (struct file_info **)
                    malloc(new_size * sizeof(new_pending_files[0]));
-               if (new_pending_files == NULL)
-                       __archive_errx(1, "Out of memory");
+               if (new_pending_files == NULL) {
+                       archive_set_error(&a->archive,
+                           ENOMEM, "Out of memory");
+                       return (ARCHIVE_FATAL);
+               }
                memcpy(new_pending_files, heap->files,
                    heap->allocated * sizeof(new_pending_files[0]));
                if (heap->files != NULL)
@@ -2658,13 +2676,15 @@
                parent_key = heap->files[parent]->key;
                if (file_key >= parent_key) {
                        heap->files[hole] = file;
-                       return;
+                       return (ARCHIVE_OK);
                }
                // Move parent into hole <==> move hole up tree.
                heap->files[hole] = heap->files[parent];
                hole = parent;
        }
        heap->files[0] = file;
+
+       return (ARCHIVE_OK);
 }
 
 static struct file_info *
1	jpp	1.1	Index: libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c
2			===================================================================
3			--- libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c
4			+++ libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c 2012-01-01 03:11:38.424123879 +0200
5			@@ -405,12 +405,12 @@
6			static inline void cache_add_to_next_of_parent(struct iso9660 *iso9660,
7			struct file_info *file);
8			static inline struct file_info cache_get_entry(struct iso9660 iso9660);
9			-static void heap_add_entry(struct heap_queue *heap,
10			+static int heap_add_entry(struct archive_read a, struct heap_queue heap,
11			struct file_info *file, uint64_t key);
12			static struct file_info heap_get_entry(struct heap_queue heap);
13
14			-#define add_entry(iso9660, file) \
15			- heap_add_entry(&((iso9660)->pending_files), file, file->offset)
16			+#define add_entry(arch, iso9660, file) \
17			+ heap_add_entry(arch, &((iso9660)->pending_files), file, file->offset)
18			#define next_entry(iso9660) \
19			heap_get_entry(&((iso9660)->pending_files))
20
21			@@ -967,10 +967,11 @@
22			child = parse_file_info(a, parent, p);
23			if (child == NULL)
24			return (ARCHIVE_FATAL);
25			- if (child->cl_offset)
26			- heap_add_entry(&(iso9660->cl_files),
27			- child, child->cl_offset);
28			- else {
29			+ if (child->cl_offset) {
30			+ if (heap_add_entry(a, &(iso9660->cl_files),
31			+ child, child->cl_offset) != ARCHIVE_OK)
32			+ return (ARCHIVE_FATAL);
33			+ } else {
34			if (child->multi_extent \|\| multi != NULL) {
35			struct content *con;
36
37			@@ -993,15 +994,19 @@
38			con->next = NULL;
39			*multi->contents.last = con;
40			multi->contents.last = &(con->next);
41			- if (multi == child)
42			- add_entry(iso9660, child);
43			- else {
44			+ if (multi == child) {
45			+ if (add_entry(a, iso9660, child)
46			+ != ARCHIVE_OK)
47			+ return (ARCHIVE_FATAL);
48			+ } else {
49			multi->size += child->size;
50			if (!child->multi_extent)
51			multi = NULL;
52			}
53			} else
54			- add_entry(iso9660, child);
55			+ if (add_entry(a, iso9660, child)
56			+ != ARCHIVE_OK)
57			+ return (ARCHIVE_FATAL);
58			}
59			}
60			}
61			@@ -1014,7 +1019,8 @@
62			}
63
64			static int
65			-relocate_dir(struct iso9660 iso9660, struct file_info file)
66			+relocate_dir(struct archive_read a, struct iso9660 iso9660,
67			+ struct file_info *file)
68			{
69			struct file_info *re;
70
71			@@ -1036,7 +1042,9 @@
72			return (1);
73			} else
74			/* This case is wrong pattern. */
75			- heap_add_entry(&(iso9660->re_dirs), re, re->offset);
76			+ if (heap_add_entry(a, &(iso9660->re_dirs), re, re->offset)
77			+ != ARCHIVE_OK)
78			+ return (ARCHIVE_FATAL);
79			return (0);
80			}
81
82			@@ -1062,21 +1070,24 @@
83			(strcmp(file->name.s, "rr_moved") == 0 \|\|
84			strcmp(file->name.s, ".rr_moved") == 0)) {
85			iso9660->rr_moved = file;
86			- } else if (file->re)
87			- heap_add_entry(&(iso9660->re_dirs), file,
88			- file->offset);
89			- else
90			+ } else if (file->re) {
91			+ if (heap_add_entry(a, &(iso9660->re_dirs), file,
92			+ file->offset) != ARCHIVE_OK)
93			+ return (ARCHIVE_FATAL);
94			+ } else
95			cache_add_entry(iso9660, file);
96			}
97			if (file != NULL)
98			- add_entry(iso9660, file);
99			+ if (add_entry(a, iso9660, file) != ARCHIVE_OK)
100			+ return (ARCHIVE_FATAL);
101
102			if (iso9660->rr_moved != NULL) {
103			/*
104			* Relocate directory which rr_moved has.
105			*/
106			while ((file = heap_get_entry(&(iso9660->cl_files))) != NULL)
107			- relocate_dir(iso9660, file);
108			+ if (relocate_dir(a, iso9660, file) != ARCHIVE_OK)
109			+ return ARCHIVE_FATAL;
110
111			/* If rr_moved directory still has children,
112			* Add rr_moved into pending_files to show
113			@@ -1192,7 +1203,8 @@
114			iso9660->seenJoliet = seenJoliet;
115			}
116			/* Store the root directory in the pending list. */
117			- add_entry(iso9660, file);
118			+ if (add_entry(a, iso9660, file) != ARCHIVE_OK)
119			+ return (ARCHIVE_FATAL);
120			if (iso9660->seenRockridge) {
121			a->archive.archive_format =
122			ARCHIVE_FORMAT_ISO9660_ROCKRIDGE;
123			@@ -2619,8 +2631,8 @@
124			return (file);
125			}
126
127			-static void
128			-heap_add_entry(struct heap_queue heap, struct file_info file, uint64_t key)
129			+static int
130			+heap_add_entry(struct archive_read a, struct heap_queue heap, struct file_info *file, uint64_t key)
131			{
132			uint64_t file_key, parent_key;
133			int hole, parent;
134			@@ -2633,12 +2645,18 @@
135			if (heap->allocated < 1024)
136			new_size = 1024;
137			/* Overflow might keep us from growing the list. */
138			- if (new_size <= heap->allocated)
139			- __archive_errx(1, "Out of memory");
140			+ if (new_size <= heap->allocated) {
141			+ archive_set_error(&a->archive,
142			+ ENOMEM, "Out of memory");
143			+ return (ARCHIVE_FATAL);
144			+ }
145			new_pending_files = (struct file_info **)
146			malloc(new_size * sizeof(new_pending_files[0]));
147			- if (new_pending_files == NULL)
148			- __archive_errx(1, "Out of memory");
149			+ if (new_pending_files == NULL) {
150			+ archive_set_error(&a->archive,
151			+ ENOMEM, "Out of memory");
152			+ return (ARCHIVE_FATAL);
153			+ }
154			memcpy(new_pending_files, heap->files,
155			heap->allocated * sizeof(new_pending_files[0]));
156			if (heap->files != NULL)
157			@@ -2658,13 +2676,15 @@
158			parent_key = heap->files[parent]->key;
159			if (file_key >= parent_key) {
160			heap->files[hole] = file;
161			- return;
162			+ return (ARCHIVE_OK);
163			}
164			// Move parent into hole <==> move hole up tree.
165			heap->files[hole] = heap->files[parent];
166			hole = parent;
167			}
168			heap->files[0] = file;
169			+
170			+ return (ARCHIVE_OK);
171			}
172
173			static struct file_info *