/[smecontribs]/rpms/libarchive/contribs9/libarchive-2.8.3-CVE-2016-5418-variation.patch
ViewVC logotype

Annotation of /rpms/libarchive/contribs9/libarchive-2.8.3-CVE-2016-5418-variation.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sun Apr 8 03:27:37 2018 UTC (6 years, 7 months ago) by jpp
Branch: MAIN
CVS Tags: libarchive-2_8_5-1_el6_sme, libarchive-2_8_5-0_el6_sme, HEAD
sources

1 jpp 1.1 commit 5096d11454f1643666ae41237a723d5e5ecdab06
2     Author: Doran Moppert <dmoppert@redhat.com>
3     Date: Fri Aug 12 14:17:55 2016 +0930
4    
5     backport 3c378bb - (jamtart-patches) Fix for hardlinks with .. in target path
6    
7     diff --git a/libarchive/archive_write_disk.c b/libarchive/archive_write_disk.c
8     index 2acf847..ac525e2 100644
9     --- a/libarchive/archive_write_disk.c
10     +++ b/libarchive/archive_write_disk.c
11     @@ -218,13 +218,14 @@ struct archive_write_disk {
12     #define MINIMUM_DIR_MODE 0700
13     #define MAXIMUM_DIR_MODE 0775
14    
15     -static int check_path_for_symlinks(char *path, int *error_number, struct archive_string *error_string, int flags);
16     +static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
17     static int check_symlinks(struct archive_write_disk *);
18     static int create_filesystem_object(struct archive_write_disk *);
19     static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
20     #ifdef HAVE_FCHDIR
21     static void edit_deep_directories(struct archive_write_disk *ad);
22     #endif
23     +static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
24     static int cleanup_pathname(struct archive_write_disk *);
25     static int create_dir(struct archive_write_disk *, char *);
26     static int create_parent_dir(struct archive_write_disk *, char *);
27     @@ -1082,7 +1083,7 @@ create_filesystem_object(struct archive_write_disk *a)
28     const char *linkname;
29     mode_t final_mode, mode;
30     int r;
31     - /* these for check_path_for_symlinks */
32     + /* these for check_symlinks_fsobj */
33     char *linkname_copy; /* non-const copy of linkname */
34     struct archive_string error_string;
35     int error_number;
36     @@ -1099,13 +1100,22 @@ create_filesystem_object(struct archive_write_disk *a)
37     if (linkname_copy == NULL) {
38     return (EPERM);
39     }
40     - r = check_path_for_symlinks(linkname_copy, &error_number, &error_string, a->flags);
41     - free(linkname_copy);
42     + /* TODO: consider using the cleaned-up path as the link target? */
43     + r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
44     + if (r != ARCHIVE_OK) {
45     + archive_set_error(&a->archive, error_number, "%s", error_string.s);
46     + free(linkname_copy);
47     + /* EPERM is more appropriate than error_number for our callers */
48     + return (EPERM);
49     + }
50     + r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
51     if (r != ARCHIVE_OK) {
52     archive_set_error(&a->archive, error_number, "%s", error_string.s);
53     /* EPERM is more appropriate than error_number for our callers */
54     + free(linkname_copy);
55     return (EPERM);
56     }
57     + free(linkname_copy);
58     r = link(linkname, a->name) ? errno : 0;
59     /*
60     * New cpio and pax formats allow hardlink entries
61     @@ -1443,7 +1453,8 @@ current_fixup(struct archive_write_disk *a, const char *pathname)
62     * Checks the given path to see if any elements along it are symlinks. Returns
63     * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
64     */
65     -static int check_path_for_symlinks(char *path, int *error_number, struct archive_string *error_string, int flags)
66     +static int
67     +check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
68     {
69     #if !defined(HAVE_LSTAT)
70     /* Platform doesn't have lstat, so we can't look for symlinks. */
71     @@ -1635,7 +1646,7 @@ check_symlinks(struct archive_write_disk *a)
72     int error_number;
73     int rc;
74     archive_string_init(&error_string);
75     - rc = check_path_for_symlinks(a->name, &error_number, &error_string, a->flags);
76     + rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
77     if (rc != ARCHIVE_OK) {
78     archive_set_error(&a->archive, error_number, "%s", error_string.s);
79     }
80     @@ -1703,15 +1714,17 @@ cleanup_pathname_win(struct archive_write_disk *a)
81     * set) any '..' in the path.
82     */
83     static int
84     -cleanup_pathname(struct archive_write_disk *a)
85     +cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
86     {
87     char *dest, *src;
88     char separator = '\0';
89    
90     - dest = src = a->name;
91     + dest = src = path;
92     if (*src == '\0') {
93     - archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
94     - "Invalid empty pathname");
95     + if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
96     + if (error_string)
97     + archive_string_sprintf(error_string,
98     + "Invalid empty pathname");
99     return (ARCHIVE_FAILED);
100     }
101    
102     @@ -1742,10 +1755,11 @@ cleanup_pathname(struct archive_write_disk *a)
103     } else if (src[1] == '.') {
104     if (src[2] == '/' || src[2] == '\0') {
105     /* Conditionally warn about '..' */
106     - if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
107     - archive_set_error(&a->archive,
108     - ARCHIVE_ERRNO_MISC,
109     - "Path contains '..'");
110     + if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
111     + if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
112     + if (error_string)
113     + archive_string_sprintf(error_string,
114     + "Path contains '..'");
115     return (ARCHIVE_FAILED);
116     }
117     }
118     @@ -1776,7 +1790,7 @@ cleanup_pathname(struct archive_write_disk *a)
119     * We've just copied zero or more path elements, not including the
120     * final '/'.
121     */
122     - if (dest == a->name) {
123     + if (dest == path) {
124     /*
125     * Nothing got copied. The path must have been something
126     * like '.' or '/' or './' or '/././././/./'.
127     @@ -1791,6 +1805,21 @@ cleanup_pathname(struct archive_write_disk *a)
128     return (ARCHIVE_OK);
129     }
130    
131     +static int
132     +cleanup_pathname(struct archive_write_disk *a)
133     +{
134     + struct archive_string error_string;
135     + int error_number;
136     + int rc;
137     + archive_string_init(&error_string);
138     + rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
139     + if (rc != ARCHIVE_OK) {
140     + archive_set_error(&a->archive, error_number, "%s", error_string.s);
141     + }
142     + archive_string_free(&error_string);
143     + return rc;
144     +}
145     +
146     /*
147     * Create the parent directory of the specified path, assuming path
148     * is already in mutable storage.

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed