OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Torsten Homeyer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 20-Sep-2004 15:55:59
Branch: HEAD Handle: 2004092014555800
Modified files:
openpkg-src/lha lha.patch lha.spec
Log:
Fixing security issues (CAN-2004-0694, CAN-2004-0745, CAN-2004-0769,
CAN-2004-0771)
Summary:
Revision Changes Path
1.3 +235 -0 openpkg-src/lha/lha.patch
1.11 +1 -1 openpkg-src/lha/lha.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/lha/lha.patch
============================================================================
$ cvs diff -u -r1.2 -r1.3 lha.patch
--- openpkg-src/lha/lha.patch 2 Jul 2004 09:34:00 -0000 1.2
+++ openpkg-src/lha/lha.patch 20 Sep 2004 13:55:58 -0000 1.3
@@ -88,3 +88,238 @@
l_code = symlink(bb2, bb1);
if (l_code < 0) {
if (quiet != TRUE)
+################################################################
+The following patches are fixing the following Security bugs:
+Fixed multiple vulnerabilities; bug #62618 from GenToo
+Gentoo Linux Security Advisory GLSA 200409-13
+CAN-2004-0694, CAN-2004-0745, CAN-2004-0769, CAN-2004-0771
+################################################################
+Index: src/lha.h
+--- src/lha.h.orig 2000-10-05 19:35:38 +0200
++++ src/lha.h 2004-09-20 14:59:52 +0200
+@@ -16,6 +16,7 @@
+ #include <sys/types.h>
+ #include <sys/file.h>
+ #include <sys/stat.h>
++#include <malloc.h>
+
+ #include <signal.h>
+
+Index: src/lha_macro.h
+--- src/lha_macro.h.orig 2000-10-04 16:57:38 +0200
++++ src/lha_macro.h 2004-09-20 14:59:52 +0200
+@@ -53,7 +53,7 @@
+ #define SEEK_SET 0
+ #define SEEK_CUR 1
+ #define SEEK_END 2
+-#endif /* SEEK_SET
++#endif /* SEEK_SET */
+
+
+ /* non-integral functions */
+Index: src/lharc.c
+--- src/lharc.c.orig 2000-10-05 19:33:34 +0200
++++ src/lharc.c 2004-09-20 14:59:52 +0200
+@@ -830,9 +830,10 @@
+ DIRENTRY *dp;
+ struct stat tmp_stbuf, arc_stbuf, fil_stbuf;
+
+- strcpy(newname, name);
++ strncpy(newname, name, sizeof(newname));
++ newname[sizeof(newname)-1] = 0;
+ len = strlen(name);
+- if (len > 0 && newname[len - 1] != '/')
++ if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1))
+ newname[len++] = '/';
+
+ dirp = opendir(name);
+@@ -846,6 +847,11 @@
+
+ for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
+ n = NAMLEN(dp);
++ if (len >= (sizeof(newname)-1) ||
++ (len+n) >= (sizeof(newname)-1) ||
++ n <= 0 ||
++ (len+n) <= 0)
++ break;
+ strncpy(newname + len, dp->d_name, n);
+ newname[len + n] = '\0';
+ if (GETSTAT(newname, &fil_stbuf) < 0)
+@@ -903,7 +909,8 @@
+ strcpy(temporary_name, TMP_FILENAME_TEMPLATE);
+ }
+ else {
+- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory);
++ snprintf(temporary_name, sizeof(temporary_name),
++ "%s/lhXXXXXX", extract_directory);
+ }
+ #ifdef MKSTEMP
+ mkstemp(temporary_name);
+@@ -913,10 +920,16 @@
+ #else
+ char *p, *s;
+
+- strcpy(temporary_name, archive_name);
++ strncpy(temporary_name, archive_name, sizeof(temporary_name));
++ temporary_name[sizeof(temporary_name)-1] = 0;
+ for (p = temporary_name, s = (char *) 0; *p; p++)
+ if (*p == '/')
+ s = p;
++
++ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1
++ <= strlen("lhXXXXXX"))
++ exit(-1);
++
+ strcpy((s ? s + 1 : temporary_name), "lhXXXXXX");
+ #ifdef MKSTEMP
+ mkstemp(temporary_name);
+@@ -1052,7 +1065,8 @@
+
+ if (open_old_archive_1(archive_name, &fp))
+ return fp;
+- sprintf(expanded_archive_name, "%s.lzh", archive_name);
++ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
++ "%s.lzh", archive_name);
+ if (open_old_archive_1(expanded_archive_name, &fp)) {
+ archive_name = expanded_archive_name;
+ return fp;
+@@ -1061,7 +1075,8 @@
+ * if ( (errno&0xffff)!=E_PNNF ) { archive_name =
+ * expanded_archive_name; return NULL; }
+ */
+- sprintf(expanded_archive_name, "%s.lzs", archive_name);
++ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
++ "%s.lzs", archive_name);
+ if (open_old_archive_1(expanded_archive_name, &fp)) {
+ archive_name = expanded_archive_name;
+ return fp;
+Index: src/lhext.c
+--- src/lhext.c.orig 2004-09-20 14:59:52 +0200
++++ src/lhext.c 2004-09-20 14:59:52 +0200
+@@ -82,7 +82,8 @@
+ register char *p;
+
+ /* make parent directory name into PATH for recursive call */
+- strcpy(path, name);
++ memset(path, 0, sizeof(path));
++ strncpy(path, name, sizeof(path)-1);
+ for (p = path + strlen(path); p > path; p--)
+ if (p[-1] == '/') {
+ *--p = '\0';
+@@ -212,9 +213,11 @@
+ }
+
+ if (extract_directory)
+- sprintf(name, "%s/%s", extract_directory, q);
+- else
+- strcpy(name, q);
++ snprintf(name, sizeof(name), "%s/%s", extract_directory, q);
++ else {
++ strncpy(name, q, sizeof(name));
++ name[sizeof(name) - 1] = '\0';
++ }
+
+
+ /* LZHDIRS_METHODを持つヘッダをチェックする */
+@@ -335,7 +338,8 @@
+ if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) ==
UNIX_FILE_SYMLINK) {
+ char buf[256], *bb1, *bb2;
+ int l_code;
+- strcpy(buf, name);
++ strncpy(buf, name, sizeof(buf));
++ buf[sizeof(buf)-1] = 0;
+ bb1 = strtok(buf, "|");
+ bb2 = strtok(NULL, "|");
+
+@@ -365,9 +369,10 @@
+ if (quiet != TRUE) {
+ printf("Symbolic Link %s -> %s\n", bb1, bb2);
+ }
+- strcpy(name, bb1); /* Symbolic's name set */
++ strncpy(name, bb1, 255); /* Symbolic's name set
*/
++ name[255] = 0;
+ #else
+- sprintf(buf, "%s -> %s", bb1, bb2);
++ sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2);
+ warning("Can't make Symbolic Link", buf);
+ return;
+ #endif
+Index: src/lhlist.c
+--- src/lhlist.c.orig 2000-10-04 16:57:38 +0200
++++ src/lhlist.c 2004-09-20 14:59:52 +0200
+@@ -250,7 +250,8 @@
+ printf(" %s", hdr->name);
+ else {
+ char buf[256], *b1, *b2;
+- strcpy(buf, hdr->name);
++ strncpy(buf, hdr->name, sizeof(buf));
++ buf[sizeof(buf)-1] = 0;
+ b1 = strtok(buf, "|");
+ b2 = strtok(NULL, "|");
+ printf(" %s -> %s", b1, b2);
+Index: src/util.c
+--- src/util.c.orig 2000-10-04 16:57:38 +0200
++++ src/util.c 2004-09-20 14:59:52 +0200
+@@ -276,21 +276,27 @@
+ char *path;
+ {
+ int stat, rtn = 0;
+- char *cmdname;
+- if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1))
+- == 0)
++ pid_t child;
++
++
++ /* XXX thomas: shell meta chars in path could exec commands */
++ /* therefore we should avoid using system() */
++ if ((child = fork()) < 0)
++ return (-1); /* fork error */
++ else if (child) { /* parent process */
++ while (child != wait(&stat)) /* ignore signals */
++ continue;
++ }
++ else { /* child process */
++ execl(RMDIRPATH, "rmdir", path, (char *) 0);
++ /* never come here except execl is error */
+ return (-1);
+- strcpy(cmdname, RMDIRPATH);
+- *(cmdname + strlen(RMDIRPATH)) = ' ';
+- strcpy(cmdname + strlen(RMDIRPATH) + 1, path);
+- if ((stat = system(cmdname)) < 0)
+- rtn = -1; /* fork or exec error */
+- else if (stat) { /* RMDIR command error */
+- errno = EIO;
+- rtn = -1;
+ }
+- free(cmdname);
+- return (rtn);
++ if (stat != 0) {
++ errno = EIO; /* cannot get error num. */
++ return (-1);
++ }
++ return (0);
+ }
+
+ /* ------------------------------------------------------------------------ */
+Index: src/header.c
+--- src/header.c.orig 2004-09-20 14:59:52 +0200
++++ src/header.c 2004-09-20 14:59:52 +0200
+@@ -656,8 +656,17 @@
+ }
+
+ if (dir_length) {
++ if ((dir_length + name_length) > sizeof(dirname)) {
++ fprintf(stderr, "Insufficient buffer size\n");
++ exit(112);
++ }
+ strcat(dirname, hdr->name);
+- strcpy(hdr->name, dirname);
++
++ if ((dir_length + name_length) > sizeof(hdr->name)) {
++ fprintf(stderr, "Insufficient buffer size\n");
++ exit(112);
++ }
++ strncpy(hdr->name, dirname, sizeof(hdr->name));
+ name_length += dir_length;
+ }
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/lha/lha.spec
============================================================================
$ cvs diff -u -r1.10 -r1.11 lha.spec
--- openpkg-src/lha/lha.spec 2 Jul 2004 09:34:00 -0000 1.10
+++ openpkg-src/lha/lha.spec 20 Sep 2004 13:55:58 -0000 1.11
@@ -38,7 +38,7 @@
Group: Archiver
License: PD
Version: %{V_major}.%{V_minor}
-Release: 20040702
+Release: 20040920
# list of sources
Source0:
http://www2m.biglobe.ne.jp/~dolphin/lha/prog/lha-%{V_major}%{V_minor}.tar.gz
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
