OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 05-Mar-2006 19:53:57
Branch: HEAD Handle: 2006030518535600
Modified files:
openpkg-src/tar tar.patch tar.spec
Log:
Security Fixes (CVE-2006-0300)
Summary:
Revision Changes Path
1.11 +127 -0 openpkg-src/tar/tar.patch
1.50 +1 -1 openpkg-src/tar/tar.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/tar/tar.patch
============================================================================
$ cvs diff -u -r1.10 -r1.11 tar.patch
--- openpkg-src/tar/tar.patch 31 Jan 2005 20:37:23 -0000 1.10
+++ openpkg-src/tar/tar.patch 5 Mar 2006 18:53:56 -0000 1.11
@@ -92,3 +92,130 @@
if (size < 0)
{
readlink_diag (p);
+
+-----------------------------------------------------------------------------
+
+Security Fixes (CVE-2006-0300)
+
+Index: src/xheader.c
+--- src/xheader.c.orig 2006-03-05 09:35:35 +0100
++++ src/xheader.c 2006-03-05 09:38:10 +0100
+@@ -784,6 +784,32 @@
+ xheader_print (xhdr, keyword, sbuf);
+ }
+
++static bool
++decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
++ char const *keyword)
++{
++ uintmax_t u;
++ char *arg_lim;
++
++ if (! (ISDIGIT (*arg)
++ && (errno = 0, xstrtoumax (arg, &arg_lim, 10, &u, ""), !*arg_lim)))
++ {
++ ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
++ keyword, arg));
++ return false;
++ }
++
++ if (! (u <= maxval && errno != ERANGE))
++ {
++ ERROR ((0, 0, _("Extended header %s=%s is out of range"),
++ keyword, arg));
++ return false;
++ }
++
++ *num = u;
++ return true;
++}
++
+ static void
+ dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
+ char const *keyword __attribute__ ((unused)),
+@@ -822,7 +848,7 @@
+ gid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
+ st->stat.st_gid = u;
+ }
+
+@@ -904,7 +930,7 @@
+ size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
+ st->archive_file_size = st->stat.st_size = u;
+ }
+
+@@ -919,7 +945,7 @@
+ uid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
+ st->stat.st_uid = u;
+ }
+
+@@ -947,7 +973,7 @@
+ sparse_size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
+ st->stat.st_size = u;
+ }
+
+@@ -963,10 +989,10 @@
+ sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
+ {
+ st->sparse_map_size = u;
+- st->sparse_map = calloc(st->sparse_map_size,
sizeof(st->sparse_map[0]));
++ st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
+ st->sparse_map_avail = 0;
+ }
+ }
+@@ -983,8 +1009,14 @@
+ sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
++ {
++ if (st->sparse_map_avail < st->sparse_map_size)
+ st->sparse_map[st->sparse_map_avail].offset = u;
++ else
++ ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
++ "GNU.sparse.offset", arg));
++ }
+ }
+
+ static void
+@@ -999,15 +1031,13 @@
+ sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
+ {
+ if (st->sparse_map_avail == st->sparse_map_size)
+- {
+- st->sparse_map_size *= 2;
+- st->sparse_map = xrealloc (st->sparse_map,
+- st->sparse_map_size
+- * sizeof st->sparse_map[0]);
+- }
++ st->sparse_map = x2nrealloc (st->sparse_map,
++ &st->sparse_map_size,
++ sizeof st->sparse_map[0]);
++
+ st->sparse_map[st->sparse_map_avail++].numbytes = u;
+ }
+ }
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/tar/tar.spec
============================================================================
$ cvs diff -u -r1.49 -r1.50 tar.spec
--- openpkg-src/tar/tar.spec 1 Jan 2006 13:23:01 -0000 1.49
+++ openpkg-src/tar/tar.spec 5 Mar 2006 18:53:56 -0000 1.50
@@ -33,7 +33,7 @@
Group: Archiver
License: GPL
Version: 1.15.1
-Release: 20050131
+Release: 20060305
# list of sources
Source0: ftp://ftp.gnu.org/gnu/tar/tar-%{version}.tar.gz
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
