/[smecontribs]/rpms/libarchive/contribs9/CVE-2011-1777.patch
ViewVC logotype

Contents of /rpms/libarchive/contribs9/CVE-2011-1777.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Sun Apr 8 03:27:37 2018 UTC (6 years, 7 months ago) by jpp
Branch: MAIN
CVS Tags: libarchive-2_8_5-1_el6_sme, libarchive-2_8_5-0_el6_sme, HEAD
sources

1 Index: libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c
2 ===================================================================
3 --- libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c
4 +++ libarchive-2.8.4/libarchive/archive_read_support_format_iso9660.c 2012-01-01 03:11:38.424123879 +0200
5 @@ -405,12 +405,12 @@
6 static inline void cache_add_to_next_of_parent(struct iso9660 *iso9660,
7 struct file_info *file);
8 static inline struct file_info *cache_get_entry(struct iso9660 *iso9660);
9 -static void heap_add_entry(struct heap_queue *heap,
10 +static int heap_add_entry(struct archive_read *a, struct heap_queue *heap,
11 struct file_info *file, uint64_t key);
12 static struct file_info *heap_get_entry(struct heap_queue *heap);
13
14 -#define add_entry(iso9660, file) \
15 - heap_add_entry(&((iso9660)->pending_files), file, file->offset)
16 +#define add_entry(arch, iso9660, file) \
17 + heap_add_entry(arch, &((iso9660)->pending_files), file, file->offset)
18 #define next_entry(iso9660) \
19 heap_get_entry(&((iso9660)->pending_files))
20
21 @@ -967,10 +967,11 @@
22 child = parse_file_info(a, parent, p);
23 if (child == NULL)
24 return (ARCHIVE_FATAL);
25 - if (child->cl_offset)
26 - heap_add_entry(&(iso9660->cl_files),
27 - child, child->cl_offset);
28 - else {
29 + if (child->cl_offset) {
30 + if (heap_add_entry(a, &(iso9660->cl_files),
31 + child, child->cl_offset) != ARCHIVE_OK)
32 + return (ARCHIVE_FATAL);
33 + } else {
34 if (child->multi_extent || multi != NULL) {
35 struct content *con;
36
37 @@ -993,15 +994,19 @@
38 con->next = NULL;
39 *multi->contents.last = con;
40 multi->contents.last = &(con->next);
41 - if (multi == child)
42 - add_entry(iso9660, child);
43 - else {
44 + if (multi == child) {
45 + if (add_entry(a, iso9660, child)
46 + != ARCHIVE_OK)
47 + return (ARCHIVE_FATAL);
48 + } else {
49 multi->size += child->size;
50 if (!child->multi_extent)
51 multi = NULL;
52 }
53 } else
54 - add_entry(iso9660, child);
55 + if (add_entry(a, iso9660, child)
56 + != ARCHIVE_OK)
57 + return (ARCHIVE_FATAL);
58 }
59 }
60 }
61 @@ -1014,7 +1019,8 @@
62 }
63
64 static int
65 -relocate_dir(struct iso9660 *iso9660, struct file_info *file)
66 +relocate_dir(struct archive_read *a, struct iso9660 *iso9660,
67 + struct file_info *file)
68 {
69 struct file_info *re;
70
71 @@ -1036,7 +1042,9 @@
72 return (1);
73 } else
74 /* This case is wrong pattern. */
75 - heap_add_entry(&(iso9660->re_dirs), re, re->offset);
76 + if (heap_add_entry(a, &(iso9660->re_dirs), re, re->offset)
77 + != ARCHIVE_OK)
78 + return (ARCHIVE_FATAL);
79 return (0);
80 }
81
82 @@ -1062,21 +1070,24 @@
83 (strcmp(file->name.s, "rr_moved") == 0 ||
84 strcmp(file->name.s, ".rr_moved") == 0)) {
85 iso9660->rr_moved = file;
86 - } else if (file->re)
87 - heap_add_entry(&(iso9660->re_dirs), file,
88 - file->offset);
89 - else
90 + } else if (file->re) {
91 + if (heap_add_entry(a, &(iso9660->re_dirs), file,
92 + file->offset) != ARCHIVE_OK)
93 + return (ARCHIVE_FATAL);
94 + } else
95 cache_add_entry(iso9660, file);
96 }
97 if (file != NULL)
98 - add_entry(iso9660, file);
99 + if (add_entry(a, iso9660, file) != ARCHIVE_OK)
100 + return (ARCHIVE_FATAL);
101
102 if (iso9660->rr_moved != NULL) {
103 /*
104 * Relocate directory which rr_moved has.
105 */
106 while ((file = heap_get_entry(&(iso9660->cl_files))) != NULL)
107 - relocate_dir(iso9660, file);
108 + if (relocate_dir(a, iso9660, file) != ARCHIVE_OK)
109 + return ARCHIVE_FATAL;
110
111 /* If rr_moved directory still has children,
112 * Add rr_moved into pending_files to show
113 @@ -1192,7 +1203,8 @@
114 iso9660->seenJoliet = seenJoliet;
115 }
116 /* Store the root directory in the pending list. */
117 - add_entry(iso9660, file);
118 + if (add_entry(a, iso9660, file) != ARCHIVE_OK)
119 + return (ARCHIVE_FATAL);
120 if (iso9660->seenRockridge) {
121 a->archive.archive_format =
122 ARCHIVE_FORMAT_ISO9660_ROCKRIDGE;
123 @@ -2619,8 +2631,8 @@
124 return (file);
125 }
126
127 -static void
128 -heap_add_entry(struct heap_queue *heap, struct file_info *file, uint64_t key)
129 +static int
130 +heap_add_entry(struct archive_read *a, struct heap_queue *heap, struct file_info *file, uint64_t key)
131 {
132 uint64_t file_key, parent_key;
133 int hole, parent;
134 @@ -2633,12 +2645,18 @@
135 if (heap->allocated < 1024)
136 new_size = 1024;
137 /* Overflow might keep us from growing the list. */
138 - if (new_size <= heap->allocated)
139 - __archive_errx(1, "Out of memory");
140 + if (new_size <= heap->allocated) {
141 + archive_set_error(&a->archive,
142 + ENOMEM, "Out of memory");
143 + return (ARCHIVE_FATAL);
144 + }
145 new_pending_files = (struct file_info **)
146 malloc(new_size * sizeof(new_pending_files[0]));
147 - if (new_pending_files == NULL)
148 - __archive_errx(1, "Out of memory");
149 + if (new_pending_files == NULL) {
150 + archive_set_error(&a->archive,
151 + ENOMEM, "Out of memory");
152 + return (ARCHIVE_FATAL);
153 + }
154 memcpy(new_pending_files, heap->files,
155 heap->allocated * sizeof(new_pending_files[0]));
156 if (heap->files != NULL)
157 @@ -2658,13 +2676,15 @@
158 parent_key = heap->files[parent]->key;
159 if (file_key >= parent_key) {
160 heap->files[hole] = file;
161 - return;
162 + return (ARCHIVE_OK);
163 }
164 // Move parent into hole <==> move hole up tree.
165 heap->files[hole] = heap->files[parent];
166 hole = parent;
167 }
168 heap->files[0] = file;
169 +
170 + return (ARCHIVE_OK);
171 }
172
173 static struct file_info *

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed