libarchive/contribs9/CVE-2011-1778.patch

diff -up libarchive-2.8.3/libarchive/archive_read_support_format_tar.c.CVE-2011-1778 libarchive-2.8.3/libarchive/archive_read_support_format_tar.c
--- libarchive-2.8.3/libarchive/archive_read_support_format_tar.c.CVE-2011-1778 2010-01-17 01:21:10.000000000 +0100
+++ libarchive-2.8.3/libarchive/archive_read_support_format_tar.c       2011-10-03 13:07:42.000000000 +0200
@@ -175,14 +175,15 @@ struct tar {
 static ssize_t UTF8_mbrtowc(wchar_t *pwc, const char *s, size_t n);
 static int     archive_block_is_null(const unsigned char *p);
 static char    *base64_decode(const char *, size_t, size_t *);
-static void     gnu_add_sparse_entry(struct tar *,
+static int     gnu_add_sparse_entry(struct archive_read *, struct tar *,
                    off_t offset, off_t remaining);
 static void    gnu_clear_sparse_list(struct tar *);
 static int     gnu_sparse_old_read(struct archive_read *, struct tar *,
                    const struct archive_entry_header_gnutar *header);
-static void    gnu_sparse_old_parse(struct tar *,
+static int     gnu_sparse_old_parse(struct archive_read *a, struct tar *,
                    const struct gnu_sparse *sparse, int length);
-static int     gnu_sparse_01_parse(struct tar *, const char *);
+static int     gnu_sparse_01_parse(struct archive_read *, struct tar *,
+                   const char *);
 static ssize_t gnu_sparse_10_read(struct archive_read *, struct tar *);
 static int     header_Solaris_ACL(struct archive_read *,  struct tar *,
                    struct archive_entry *, const void *);
@@ -212,8 +213,8 @@ static int  archive_read_format_tar_skip(
 static int     archive_read_format_tar_read_header(struct archive_read *,
                    struct archive_entry *);
 static int     checksum(struct archive_read *, const void *);
-static int     pax_attribute(struct tar *, struct archive_entry *,
-                   char *key, char *value);
+static int     pax_attribute(struct archive_read *, struct tar *,
+                   struct archive_entry *, char *key, char *value);
 static int     pax_header(struct archive_read *, struct tar *,
                    struct archive_entry *, char *attr);
 static void    pax_time(const char *, int64_t *sec, long *nanos);
@@ -419,7 +420,9 @@ archive_read_format_tar_read_header(stru
         * a single block.
         */
        if (tar->sparse_list == NULL)
-               gnu_add_sparse_entry(tar, 0, tar->entry_bytes_remaining);
+               if (gnu_add_sparse_entry(a, tar, 0, tar->entry_bytes_remaining)
+                   != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
 
        if (r == ARCHIVE_OK) {
                /*
@@ -1269,7 +1272,7 @@ pax_header(struct archive_read *a, struc
                value = p + 1;
 
                /* Identify this attribute and set it in the entry. */
-               err2 = pax_attribute(tar, entry, key, value);
+               err2 = pax_attribute(a, tar, entry, key, value);
                err = err_combine(err, err2);
 
                /* Skip to next line */
@@ -1395,8 +1398,8 @@ pax_attribute_xattr(struct archive_entry
  * any of them look useful.
  */
 static int
-pax_attribute(struct tar *tar, struct archive_entry *entry,
-    char *key, char *value)
+pax_attribute(struct archive_read *a, struct tar *tar,
+       struct archive_entry *entry, char *key, char *value)
 {
        int64_t s;
        long n;
@@ -1414,8 +1417,10 @@ pax_attribute(struct tar *tar, struct ar
                if (strcmp(key, "GNU.sparse.offset") == 0) {
                        tar->sparse_offset = tar_atol10(value, strlen(value));
                        if (tar->sparse_numbytes != -1) {
-                               gnu_add_sparse_entry(tar,
-                                   tar->sparse_offset, tar->sparse_numbytes);
+                               if (gnu_add_sparse_entry(a, tar,
+                                   tar->sparse_offset, tar->sparse_numbytes)
+                                   != ARCHIVE_OK)
+                                       return(ARCHIVE_FATAL);
                                tar->sparse_offset = -1;
                                tar->sparse_numbytes = -1;
                        }
@@ -1423,8 +1428,10 @@ pax_attribute(struct tar *tar, struct ar
                if (strcmp(key, "GNU.sparse.numbytes") == 0) {
                        tar->sparse_numbytes = tar_atol10(value, strlen(value));
                        if (tar->sparse_numbytes != -1) {
-                               gnu_add_sparse_entry(tar,
-                                   tar->sparse_offset, tar->sparse_numbytes);
+                               if (gnu_add_sparse_entry(a, tar,
+                                   tar->sparse_offset, tar->sparse_numbytes)
+                                   != ARCHIVE_OK)
+                                       return (ARCHIVE_FATAL);
                                tar->sparse_offset = -1;
                                tar->sparse_numbytes = -1;
                        }
@@ -1438,7 +1445,7 @@ pax_attribute(struct tar *tar, struct ar
                if (strcmp(key, "GNU.sparse.map") == 0) {
                        tar->sparse_gnu_major = 0;
                        tar->sparse_gnu_minor = 1;
-                       if (gnu_sparse_01_parse(tar, value) != ARCHIVE_OK)
+                       if (gnu_sparse_01_parse(a, tar, value) != ARCHIVE_OK)
                                return (ARCHIVE_WARN);
                }
 
@@ -1716,7 +1723,8 @@ header_gnutar(struct archive_read *a, st
        }
 
        if (header->sparse[0].offset[0] != 0) {
-               gnu_sparse_old_read(a, tar, header);
+               if (gnu_sparse_old_read(a, tar, header) != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
        } else {
                if (header->isextended[0] != 0) {
                        /* XXX WTF? XXX */
@@ -1726,14 +1734,17 @@ header_gnutar(struct archive_read *a, st
        return (0);
 }
 
-static void
-gnu_add_sparse_entry(struct tar *tar, off_t offset, off_t remaining)
+static int
+gnu_add_sparse_entry(struct archive_read *a, struct tar *tar, off_t offset,
+       off_t remaining)
 {
        struct sparse_block *p;
 
        p = (struct sparse_block *)malloc(sizeof(*p));
-       if (p == NULL)
-               __archive_errx(1, "Out of memory");
+       if (p == NULL) {
+               archive_set_error(&a->archive, ENOMEM, "Out of memory");
+               return (ARCHIVE_FATAL);
+       }
        memset(p, 0, sizeof(*p));
        if (tar->sparse_last != NULL)
                tar->sparse_last->next = p;
@@ -1742,6 +1753,7 @@ gnu_add_sparse_entry(struct tar *tar, of
        tar->sparse_last = p;
        p->offset = offset;
        p->remaining = remaining;
+       return (ARCHIVE_OK);
 }
 
 static void
@@ -1782,7 +1794,8 @@ gnu_sparse_old_read(struct archive_read
        };
        const struct extended *ext;
 
-       gnu_sparse_old_parse(tar, header->sparse, 4);
+       if (gnu_sparse_old_parse(a, tar, header->sparse, 4) != ARCHIVE_OK)
+               return (ARCHIVE_FATAL);
        if (header->isextended[0] == 0)
                return (ARCHIVE_OK);
 
@@ -1798,24 +1811,28 @@ gnu_sparse_old_read(struct archive_read
                }
                __archive_read_consume(a, 512);
                ext = (const struct extended *)data;
-               gnu_sparse_old_parse(tar, ext->sparse, 21);
+               if (gnu_sparse_old_parse(a, tar, ext->sparse, 21) != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
        } while (ext->isextended[0] != 0);
        if (tar->sparse_list != NULL)
                tar->entry_offset = tar->sparse_list->offset;
        return (ARCHIVE_OK);
 }
 
-static void
-gnu_sparse_old_parse(struct tar *tar,
+static int
+gnu_sparse_old_parse(struct archive_read *a, struct tar *tar,
     const struct gnu_sparse *sparse, int length)
 {
        while (length > 0 && sparse->offset[0] != 0) {
-               gnu_add_sparse_entry(tar,
+               if (gnu_add_sparse_entry(a, tar,
                    tar_atol(sparse->offset, sizeof(sparse->offset)),
-                   tar_atol(sparse->numbytes, sizeof(sparse->numbytes)));
+                   tar_atol(sparse->numbytes, sizeof(sparse->numbytes)))
+                   != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
                sparse++;
                length--;
        }
+       return (ARCHIVE_OK);
 }
 
 /*
@@ -1845,7 +1862,7 @@ gnu_sparse_old_parse(struct tar *tar,
  */
 
 static int
-gnu_sparse_01_parse(struct tar *tar, const char *p)
+gnu_sparse_01_parse(struct archive_read *a, struct tar *tar, const char *p)
 {
        const char *e;
        off_t offset = -1, size = -1;
@@ -1865,7 +1882,9 @@ gnu_sparse_01_parse(struct tar *tar, con
                        size = tar_atol10(p, e - p);
                        if (size < 0)
                                return (ARCHIVE_WARN);
-                       gnu_add_sparse_entry(tar, offset, size);
+                       if (gnu_add_sparse_entry(a, tar, offset, size)
+                           != ARCHIVE_OK)
+                               return (ARCHIVE_FATAL);
                        offset = -1;
                }
                if (*e == '\0')
@@ -1969,7 +1988,8 @@ gnu_sparse_10_read(struct archive_read *
                if (size < 0)
                        return (ARCHIVE_FATAL);
                /* Add a new sparse entry. */
-               gnu_add_sparse_entry(tar, offset, size);
+               if (gnu_add_sparse_entry(a, tar, offset, size) != ARCHIVE_OK)
+                       return (ARCHIVE_FATAL);
        }
        /* Skip rest of block... */
        bytes_read = tar->entry_bytes_remaining - remaining;
1	diff -up libarchive-2.8.3/libarchive/archive_read_support_format_tar.c.CVE-2011-1778 libarchive-2.8.3/libarchive/archive_read_support_format_tar.c
2	--- libarchive-2.8.3/libarchive/archive_read_support_format_tar.c.CVE-2011-1778 2010-01-17 01:21:10.000000000 +0100
3	+++ libarchive-2.8.3/libarchive/archive_read_support_format_tar.c 2011-10-03 13:07:42.000000000 +0200
4	@@ -175,14 +175,15 @@ struct tar {
5	static ssize_t UTF8_mbrtowc(wchar_t pwc, const char s, size_t n);
6	static int archive_block_is_null(const unsigned char *p);
7	static char base64_decode(const char , size_t, size_t *);
8	-static void gnu_add_sparse_entry(struct tar *,
9	+static int gnu_add_sparse_entry(struct archive_read , struct tar ,
10	off_t offset, off_t remaining);
11	static void gnu_clear_sparse_list(struct tar *);
12	static int gnu_sparse_old_read(struct archive_read , struct tar ,
13	const struct archive_entry_header_gnutar *header);
14	-static void gnu_sparse_old_parse(struct tar *,
15	+static int gnu_sparse_old_parse(struct archive_read a, struct tar ,
16	const struct gnu_sparse *sparse, int length);
17	-static int gnu_sparse_01_parse(struct tar , const char );
18	+static int gnu_sparse_01_parse(struct archive_read , struct tar ,
19	+ const char *);
20	static ssize_t gnu_sparse_10_read(struct archive_read , struct tar );
21	static int header_Solaris_ACL(struct archive_read , struct tar ,
22	struct archive_entry , const void );
23	@@ -212,8 +213,8 @@ static int archive_read_format_tar_skip(
24	static int archive_read_format_tar_read_header(struct archive_read *,
25	struct archive_entry *);
26	static int checksum(struct archive_read , const void );
27	-static int pax_attribute(struct tar , struct archive_entry ,
28	- char key, char value);
29	+static int pax_attribute(struct archive_read , struct tar ,
30	+ struct archive_entry , char key, char *value);
31	static int pax_header(struct archive_read , struct tar ,
32	struct archive_entry , char attr);
33	static void pax_time(const char , int64_t sec, long *nanos);
34	@@ -419,7 +420,9 @@ archive_read_format_tar_read_header(stru
35	* a single block.
36	*/
37	if (tar->sparse_list == NULL)
38	- gnu_add_sparse_entry(tar, 0, tar->entry_bytes_remaining);
39	+ if (gnu_add_sparse_entry(a, tar, 0, tar->entry_bytes_remaining)
40	+ != ARCHIVE_OK)
41	+ return (ARCHIVE_FATAL);
42
43	if (r == ARCHIVE_OK) {
44	/*
45	@@ -1269,7 +1272,7 @@ pax_header(struct archive_read *a, struc
46	value = p + 1;
47
48	/* Identify this attribute and set it in the entry. */
49	- err2 = pax_attribute(tar, entry, key, value);
50	+ err2 = pax_attribute(a, tar, entry, key, value);
51	err = err_combine(err, err2);
52
53	/* Skip to next line */
54	@@ -1395,8 +1398,8 @@ pax_attribute_xattr(struct archive_entry
55	* any of them look useful.
56	*/
57	static int
58	-pax_attribute(struct tar tar, struct archive_entry entry,
59	- char key, char value)
60	+pax_attribute(struct archive_read a, struct tar tar,
61	+ struct archive_entry entry, char key, char *value)
62	{
63	int64_t s;
64	long n;
65	@@ -1414,8 +1417,10 @@ pax_attribute(struct tar *tar, struct ar
66	if (strcmp(key, "GNU.sparse.offset") == 0) {
67	tar->sparse_offset = tar_atol10(value, strlen(value));
68	if (tar->sparse_numbytes != -1) {
69	- gnu_add_sparse_entry(tar,
70	- tar->sparse_offset, tar->sparse_numbytes);
71	+ if (gnu_add_sparse_entry(a, tar,
72	+ tar->sparse_offset, tar->sparse_numbytes)
73	+ != ARCHIVE_OK)
74	+ return(ARCHIVE_FATAL);
75	tar->sparse_offset = -1;
76	tar->sparse_numbytes = -1;
77	}
78	@@ -1423,8 +1428,10 @@ pax_attribute(struct tar *tar, struct ar
79	if (strcmp(key, "GNU.sparse.numbytes") == 0) {
80	tar->sparse_numbytes = tar_atol10(value, strlen(value));
81	if (tar->sparse_numbytes != -1) {
82	- gnu_add_sparse_entry(tar,
83	- tar->sparse_offset, tar->sparse_numbytes);
84	+ if (gnu_add_sparse_entry(a, tar,
85	+ tar->sparse_offset, tar->sparse_numbytes)
86	+ != ARCHIVE_OK)
87	+ return (ARCHIVE_FATAL);
88	tar->sparse_offset = -1;
89	tar->sparse_numbytes = -1;
90	}
91	@@ -1438,7 +1445,7 @@ pax_attribute(struct tar *tar, struct ar
92	if (strcmp(key, "GNU.sparse.map") == 0) {
93	tar->sparse_gnu_major = 0;
94	tar->sparse_gnu_minor = 1;
95	- if (gnu_sparse_01_parse(tar, value) != ARCHIVE_OK)
96	+ if (gnu_sparse_01_parse(a, tar, value) != ARCHIVE_OK)
97	return (ARCHIVE_WARN);
98	}
99
100	@@ -1716,7 +1723,8 @@ header_gnutar(struct archive_read *a, st
101	}
102
103	if (header->sparse[0].offset[0] != 0) {
104	- gnu_sparse_old_read(a, tar, header);
105	+ if (gnu_sparse_old_read(a, tar, header) != ARCHIVE_OK)
106	+ return (ARCHIVE_FATAL);
107	} else {
108	if (header->isextended[0] != 0) {
109	/* XXX WTF? XXX */
110	@@ -1726,14 +1734,17 @@ header_gnutar(struct archive_read *a, st
111	return (0);
112	}
113
114	-static void
115	-gnu_add_sparse_entry(struct tar *tar, off_t offset, off_t remaining)
116	+static int
117	+gnu_add_sparse_entry(struct archive_read a, struct tar tar, off_t offset,
118	+ off_t remaining)
119	{
120	struct sparse_block *p;
121
122	p = (struct sparse_block )malloc(sizeof(p));
123	- if (p == NULL)
124	- __archive_errx(1, "Out of memory");
125	+ if (p == NULL) {
126	+ archive_set_error(&a->archive, ENOMEM, "Out of memory");
127	+ return (ARCHIVE_FATAL);
128	+ }
129	memset(p, 0, sizeof(*p));
130	if (tar->sparse_last != NULL)
131	tar->sparse_last->next = p;
132	@@ -1742,6 +1753,7 @@ gnu_add_sparse_entry(struct tar *tar, of
133	tar->sparse_last = p;
134	p->offset = offset;
135	p->remaining = remaining;
136	+ return (ARCHIVE_OK);
137	}
138
139	static void
140	@@ -1782,7 +1794,8 @@ gnu_sparse_old_read(struct archive_read
141	};
142	const struct extended *ext;
143
144	- gnu_sparse_old_parse(tar, header->sparse, 4);
145	+ if (gnu_sparse_old_parse(a, tar, header->sparse, 4) != ARCHIVE_OK)
146	+ return (ARCHIVE_FATAL);
147	if (header->isextended[0] == 0)
148	return (ARCHIVE_OK);
149
150	@@ -1798,24 +1811,28 @@ gnu_sparse_old_read(struct archive_read
151	}
152	__archive_read_consume(a, 512);
153	ext = (const struct extended *)data;
154	- gnu_sparse_old_parse(tar, ext->sparse, 21);
155	+ if (gnu_sparse_old_parse(a, tar, ext->sparse, 21) != ARCHIVE_OK)
156	+ return (ARCHIVE_FATAL);
157	} while (ext->isextended[0] != 0);
158	if (tar->sparse_list != NULL)
159	tar->entry_offset = tar->sparse_list->offset;
160	return (ARCHIVE_OK);
161	}
162
163	-static void
164	-gnu_sparse_old_parse(struct tar *tar,
165	+static int
166	+gnu_sparse_old_parse(struct archive_read a, struct tar tar,
167	const struct gnu_sparse *sparse, int length)
168	{
169	while (length > 0 && sparse->offset[0] != 0) {
170	- gnu_add_sparse_entry(tar,
171	+ if (gnu_add_sparse_entry(a, tar,
172	tar_atol(sparse->offset, sizeof(sparse->offset)),
173	- tar_atol(sparse->numbytes, sizeof(sparse->numbytes)));
174	+ tar_atol(sparse->numbytes, sizeof(sparse->numbytes)))
175	+ != ARCHIVE_OK)
176	+ return (ARCHIVE_FATAL);
177	sparse++;
178	length--;
179	}
180	+ return (ARCHIVE_OK);
181	}
182
183	/*
184	@@ -1845,7 +1862,7 @@ gnu_sparse_old_parse(struct tar *tar,
185	*/
186
187	static int
188	-gnu_sparse_01_parse(struct tar tar, const char p)
189	+gnu_sparse_01_parse(struct archive_read a, struct tar tar, const char *p)
190	{
191	const char *e;
192	off_t offset = -1, size = -1;
193	@@ -1865,7 +1882,9 @@ gnu_sparse_01_parse(struct tar *tar, con
194	size = tar_atol10(p, e - p);
195	if (size < 0)
196	return (ARCHIVE_WARN);
197	- gnu_add_sparse_entry(tar, offset, size);
198	+ if (gnu_add_sparse_entry(a, tar, offset, size)
199	+ != ARCHIVE_OK)
200	+ return (ARCHIVE_FATAL);
201	offset = -1;
202	}
203	if (*e == '\0')
204	@@ -1969,7 +1988,8 @@ gnu_sparse_10_read(struct archive_read *
205	if (size < 0)
206	return (ARCHIVE_FATAL);
207	/* Add a new sparse entry. */
208	- gnu_add_sparse_entry(tar, offset, size);
209	+ if (gnu_add_sparse_entry(a, tar, offset, size) != ARCHIVE_OK)
210	+ return (ARCHIVE_FATAL);
211	}
212	/* Skip rest of block... */
213	bytes_read = tar->entry_bytes_remaining - remaining;