libarchive/contribs9/libarchive-2.8.3-CVE-2016-5418-variation.patch

commit 5096d11454f1643666ae41237a723d5e5ecdab06
Author: Doran Moppert <dmoppert@redhat.com>
Date:   Fri Aug 12 14:17:55 2016 +0930

    backport 3c378bb - (jamtart-patches) Fix for hardlinks with .. in target path

diff --git a/libarchive/archive_write_disk.c b/libarchive/archive_write_disk.c
index 2acf847..ac525e2 100644
--- a/libarchive/archive_write_disk.c
+++ b/libarchive/archive_write_disk.c
@@ -218,13 +218,14 @@ struct archive_write_disk {
 #define        MINIMUM_DIR_MODE 0700
 #define        MAXIMUM_DIR_MODE 0775
 
-static int     check_path_for_symlinks(char *path, int *error_number, struct archive_string *error_string, int flags);
+static int     check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
 static int     check_symlinks(struct archive_write_disk *);
 static int     create_filesystem_object(struct archive_write_disk *);
 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
 #ifdef HAVE_FCHDIR
 static void    edit_deep_directories(struct archive_write_disk *ad);
 #endif
+static int     cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
 static int     cleanup_pathname(struct archive_write_disk *);
 static int     create_dir(struct archive_write_disk *, char *);
 static int     create_parent_dir(struct archive_write_disk *, char *);
@@ -1082,7 +1083,7 @@ create_filesystem_object(struct archive_write_disk *a)
        const char *linkname;
        mode_t final_mode, mode;
        int r;
-       /* these for check_path_for_symlinks */
+       /* these for check_symlinks_fsobj */
        char *linkname_copy;    /* non-const copy of linkname */
        struct archive_string error_string;
        int error_number;
@@ -1099,13 +1100,22 @@ create_filesystem_object(struct archive_write_disk *a)
                if (linkname_copy == NULL) {
                    return (EPERM);
                }
-               r = check_path_for_symlinks(linkname_copy, &error_number, &error_string, a->flags);
-               free(linkname_copy);
+               /* TODO: consider using the cleaned-up path as the link target? */
+               r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
+               if (r != ARCHIVE_OK) {
+                       archive_set_error(&a->archive, error_number, "%s", error_string.s);
+                       free(linkname_copy);
+                       /* EPERM is more appropriate than error_number for our callers */
+                       return (EPERM);
+               }
+               r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
                if (r != ARCHIVE_OK) {
                        archive_set_error(&a->archive, error_number, "%s", error_string.s);
                        /* EPERM is more appropriate than error_number for our callers */
+                       free(linkname_copy);
                        return (EPERM);
                }
+               free(linkname_copy);
                r = link(linkname, a->name) ? errno : 0;
                /*
                 * New cpio and pax formats allow hardlink entries
@@ -1443,7 +1453,8 @@ current_fixup(struct archive_write_disk *a, const char *pathname)
  * Checks the given path to see if any elements along it are symlinks.  Returns
  * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
  */
-static int check_path_for_symlinks(char *path, int *error_number, struct archive_string *error_string, int flags)
+static int
+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
 {
 #if !defined(HAVE_LSTAT)
        /* Platform doesn't have lstat, so we can't look for symlinks. */
@@ -1635,7 +1646,7 @@ check_symlinks(struct archive_write_disk *a)
        int error_number;
        int rc;
        archive_string_init(&error_string);
-       rc = check_path_for_symlinks(a->name, &error_number, &error_string, a->flags);
+       rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
        if (rc != ARCHIVE_OK) {
                archive_set_error(&a->archive, error_number, "%s", error_string.s);
        }
@@ -1703,15 +1714,17 @@ cleanup_pathname_win(struct archive_write_disk *a)
  * set) any '..' in the path.
  */
 static int
-cleanup_pathname(struct archive_write_disk *a)
+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
 {
        char *dest, *src;
        char separator = '\0';
 
-       dest = src = a->name;
+       dest = src = path;
        if (*src == '\0') {
-               archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-                   "Invalid empty pathname");
+               if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
+               if (error_string)
+                       archive_string_sprintf(error_string,
+                               "Invalid empty pathname");
                return (ARCHIVE_FAILED);
        }
 
@@ -1742,10 +1755,11 @@ cleanup_pathname(struct archive_write_disk *a)
                        } else if (src[1] == '.') {
                                if (src[2] == '/' || src[2] == '\0') {
                                        /* Conditionally warn about '..' */
-                                       if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-                                               archive_set_error(&a->archive,
-                                                   ARCHIVE_ERRNO_MISC,
-                                                   "Path contains '..'");
+                                       if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
+                                               if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
+                                               if (error_string)
+                                                       archive_string_sprintf(error_string,
+                                                               "Path contains '..'");
                                                return (ARCHIVE_FAILED);
                                        }
                                }
@@ -1776,7 +1790,7 @@ cleanup_pathname(struct archive_write_disk *a)
         * We've just copied zero or more path elements, not including the
         * final '/'.
         */
-       if (dest == a->name) {
+       if (dest == path) {
                /*
                 * Nothing got copied.  The path must have been something
                 * like '.' or '/' or './' or '/././././/./'.
@@ -1791,6 +1805,21 @@ cleanup_pathname(struct archive_write_disk *a)
        return (ARCHIVE_OK);
 }
 
+static int
+cleanup_pathname(struct archive_write_disk *a)
+{
+       struct archive_string error_string;
+       int error_number;
+       int rc;
+       archive_string_init(&error_string);
+       rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
+       if (rc != ARCHIVE_OK) {
+               archive_set_error(&a->archive, error_number, "%s", error_string.s);
+       }
+       archive_string_free(&error_string);
+       return rc;
+}
+
 /*
  * Create the parent directory of the specified path, assuming path
  * is already in mutable storage.
1	commit 5096d11454f1643666ae41237a723d5e5ecdab06
2	Author: Doran Moppert <dmoppert@redhat.com>
3	Date: Fri Aug 12 14:17:55 2016 +0930
4
5	backport 3c378bb - (jamtart-patches) Fix for hardlinks with .. in target path
6
7	diff --git a/libarchive/archive_write_disk.c b/libarchive/archive_write_disk.c
8	index 2acf847..ac525e2 100644
9	--- a/libarchive/archive_write_disk.c
10	+++ b/libarchive/archive_write_disk.c
11	@@ -218,13 +218,14 @@ struct archive_write_disk {
12	#define MINIMUM_DIR_MODE 0700
13	#define MAXIMUM_DIR_MODE 0775
14
15	-static int check_path_for_symlinks(char path, int error_number, struct archive_string *error_string, int flags);
16	+static int check_symlinks_fsobj(char path, int error_number, struct archive_string *error_string, int flags);
17	static int check_symlinks(struct archive_write_disk *);
18	static int create_filesystem_object(struct archive_write_disk *);
19	static struct fixup_entry current_fixup(struct archive_write_disk , const char *pathname);
20	#ifdef HAVE_FCHDIR
21	static void edit_deep_directories(struct archive_write_disk *ad);
22	#endif
23	+static int cleanup_pathname_fsobj(char path, int error_number, struct archive_string *error_string, int flags);
24	static int cleanup_pathname(struct archive_write_disk *);
25	static int create_dir(struct archive_write_disk , char );
26	static int create_parent_dir(struct archive_write_disk , char );
27	@@ -1082,7 +1083,7 @@ create_filesystem_object(struct archive_write_disk *a)
28	const char *linkname;
29	mode_t final_mode, mode;
30	int r;
31	- /* these for check_path_for_symlinks */
32	+ /* these for check_symlinks_fsobj */
33	char linkname_copy; / non-const copy of linkname */
34	struct archive_string error_string;
35	int error_number;
36	@@ -1099,13 +1100,22 @@ create_filesystem_object(struct archive_write_disk *a)
37	if (linkname_copy == NULL) {
38	return (EPERM);
39	}
40	- r = check_path_for_symlinks(linkname_copy, &error_number, &error_string, a->flags);
41	- free(linkname_copy);
42	+ /* TODO: consider using the cleaned-up path as the link target? */
43	+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
44	+ if (r != ARCHIVE_OK) {
45	+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
46	+ free(linkname_copy);
47	+ /* EPERM is more appropriate than error_number for our callers */
48	+ return (EPERM);
49	+ }
50	+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
51	if (r != ARCHIVE_OK) {
52	archive_set_error(&a->archive, error_number, "%s", error_string.s);
53	/* EPERM is more appropriate than error_number for our callers */
54	+ free(linkname_copy);
55	return (EPERM);
56	}
57	+ free(linkname_copy);
58	r = link(linkname, a->name) ? errno : 0;
59	/*
60	* New cpio and pax formats allow hardlink entries
61	@@ -1443,7 +1453,8 @@ current_fixup(struct archive_write_disk a, const char pathname)
62	* Checks the given path to see if any elements along it are symlinks. Returns
63	* ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
64	*/
65	-static int check_path_for_symlinks(char path, int error_number, struct archive_string *error_string, int flags)
66	+static int
67	+check_symlinks_fsobj(char path, int error_number, struct archive_string *error_string, int flags)
68	{
69	#if !defined(HAVE_LSTAT)
70	/* Platform doesn't have lstat, so we can't look for symlinks. */
71	@@ -1635,7 +1646,7 @@ check_symlinks(struct archive_write_disk *a)
72	int error_number;
73	int rc;
74	archive_string_init(&error_string);
75	- rc = check_path_for_symlinks(a->name, &error_number, &error_string, a->flags);
76	+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
77	if (rc != ARCHIVE_OK) {
78	archive_set_error(&a->archive, error_number, "%s", error_string.s);
79	}
80	@@ -1703,15 +1714,17 @@ cleanup_pathname_win(struct archive_write_disk *a)
81	* set) any '..' in the path.
82	*/
83	static int
84	-cleanup_pathname(struct archive_write_disk *a)
85	+cleanup_pathname_fsobj(char path, int error_number, struct archive_string *error_string, int flags)
86	{
87	char dest, src;
88	char separator = '\0';
89
90	- dest = src = a->name;
91	+ dest = src = path;
92	if (*src == '\0') {
93	- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
94	- "Invalid empty pathname");
95	+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
96	+ if (error_string)
97	+ archive_string_sprintf(error_string,
98	+ "Invalid empty pathname");
99	return (ARCHIVE_FAILED);
100	}
101
102	@@ -1742,10 +1755,11 @@ cleanup_pathname(struct archive_write_disk *a)
103	} else if (src[1] == '.') {
104	if (src[2] == '/' \|\| src[2] == '\0') {
105	/* Conditionally warn about '..' */
106	- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
107	- archive_set_error(&a->archive,
108	- ARCHIVE_ERRNO_MISC,
109	- "Path contains '..'");
110	+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
111	+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
112	+ if (error_string)
113	+ archive_string_sprintf(error_string,
114	+ "Path contains '..'");
115	return (ARCHIVE_FAILED);
116	}
117	}
118	@@ -1776,7 +1790,7 @@ cleanup_pathname(struct archive_write_disk *a)
119	* We've just copied zero or more path elements, not including the
120	* final '/'.
121	*/
122	- if (dest == a->name) {
123	+ if (dest == path) {
124	/*
125	* Nothing got copied. The path must have been something
126	* like '.' or '/' or './' or '/././././/./'.
127	@@ -1791,6 +1805,21 @@ cleanup_pathname(struct archive_write_disk *a)
128	return (ARCHIVE_OK);
129	}
130
131	+static int
132	+cleanup_pathname(struct archive_write_disk *a)
133	+{
134	+ struct archive_string error_string;
135	+ int error_number;
136	+ int rc;
137	+ archive_string_init(&error_string);
138	+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
139	+ if (rc != ARCHIVE_OK) {
140	+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
141	+ }
142	+ archive_string_free(&error_string);
143	+ return rc;
144	+}
145	+
146	/*
147	* Create the parent directory of the specified path, assuming path
148	* is already in mutable storage.