source: patches/tar-1.15.1-security_fixes-1.patch@ ff0b3b7

clfs-1.2 clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since ff0b3b7 was 5c5752c, checked in by Jim Gifford <clfs@…>, 20 years ago

Added: sun disklabel patches. Tar Security Patch.

  • Property mode set to 100644
File size: 3.9 KB
  • src/xheader.c

    Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
    Date: 2006-04-14
    Initial Package Version: 1.15.1
    Origin: gentoo, backported from CVS, rediffed to apply with -p1
    Description: addresses vulnerability CVE-2006-0300
    
    diff -Naurp tar-1.15.1-vanilla/src/xheader.c tar-1.15.1/src/xheader.c
    old new code_num (uintmax_t value, char const *k  
    783783  xheader_print (xhdr, keyword, sbuf);
    784784}
    785785
     786static bool
     787decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
     788        char const *keyword)
     789{
     790  uintmax_t u;
     791  char *arg_lim;
     792
     793  if (! (ISDIGIT (*arg)
     794     && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim)))
     795    {
     796      ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
     797          keyword, arg));
     798      return false;
     799    }
     800
     801  if (! (u <= maxval && errno != ERANGE))
     802    {
     803      ERROR ((0, 0, _("Extended header %s=%s is out of range"),
     804        keyword, arg));
     805      return false;
     806    }
     807
     808  *num = u;
     809  return true;
     810}
     811
    786812static void
    787813dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
    788814             char const *keyword __attribute__ ((unused)),
    static void  
    821847gid_decoder (struct tar_stat_info *st, char const *arg)
    822848{
    823849  uintmax_t u;
    824   if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
     850  if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
    825851    st->stat.st_gid = u;
    826852}
    827853
    static void  
    903929size_decoder (struct tar_stat_info *st, char const *arg)
    904930{
    905931  uintmax_t u;
    906   if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
     932  if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
    907933    st->archive_file_size = st->stat.st_size = u;
    908934}
    909935
    static void  
    918944uid_decoder (struct tar_stat_info *st, char const *arg)
    919945{
    920946  uintmax_t u;
    921   if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
     947  if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
    922948    st->stat.st_uid = u;
    923949}
    924950
    static void  
    946972sparse_size_decoder (struct tar_stat_info *st, char const *arg)
    947973{
    948974  uintmax_t u;
    949   if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
     975  if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
    950976    st->stat.st_size = u;
    951977}
    952978
    static void  
    962988sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
    963989{
    964990  uintmax_t u;
    965   if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
     991  if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
    966992    {
    967993      st->sparse_map_size = u;
    968       st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
     994      st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
    969995      st->sparse_map_avail = 0;
    970996    }
    971997}
    static void  
    9821008sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
    9831009{
    9841010  uintmax_t u;
    985   if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
     1011  if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
     1012    {
     1013      if (st->sparse_map_avail < st->sparse_map_size)
    9861014    st->sparse_map[st->sparse_map_avail].offset = u;
     1015      else
     1016    ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
     1017        "GNU.sparse.offset", arg));
     1018    }
    9871019}
    9881020
    9891021static void
    static void  
    9981030sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
    9991031{
    10001032  uintmax_t u;
    1001   if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
     1033  if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
    10021034    {
    10031035      if (st->sparse_map_avail == st->sparse_map_size)
    1004         {
    1005           st->sparse_map_size *= 2;
    1006           st->sparse_map = xrealloc (st->sparse_map,
    1007                                      st->sparse_map_size
    1008                                      * sizeof st->sparse_map[0]);
    1009         }
     1036        st->sparse_map = x2nrealloc (st->sparse_map,
     1037                                    &st->sparse_map_size,
     1038                                    sizeof st->sparse_map[0]);
     1039
    10101040      st->sparse_map[st->sparse_map_avail++].numbytes = u;
    10111041    }
    10121042}
Note: See TracBrowser for help on using the repository browser.