Bug#446236: lha doesn't work with recent glibc upgrade in testing
On Thu, Oct 11, 2007 at 02:38:15PM +0400, Sergey Lapin wrote:
That's due to mkstemp call and O_EXCL in subsequent open of the same file.
I workaround this by removing O_EXCL, but I think it is either some
problem in glibc or code in lha needs to be reworked.
I fixed it by not using O_EXCL when mkstemp was used previously to
create the file. The other code paths looked differently so I still use
O_EXCL there in the hope that it does not break.
A proper fix would take the fd returned by mkstemp, but that would
require more intrusive code changes.
NMU patch is attached.
Kind regards
Philipp Kern
diff -u lha-1.14i/debian/changelog lha-1.14i/debian/changelog
--- lha-1.14i/debian/changelog
+++ lha-1.14i/debian/changelog
@@ -1,3 +1,10 @@
+lha (1.14i-10.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix subsequent open with O_EXCL after mkstemp (Closes: #446236)
+
+ -- Philipp Kern [EMAIL PROTECTED] Sat, 01 Dec 2007 16:32:52 +0100
+
lha (1.14i-10.2) unstable; urgency=high
* Non-maintainer upload by testing security team.
diff -u lha-1.14i/debian/patch.CVE-2007-2030.patch
lha-1.14i/debian/patch.CVE-2007-2030.patch
--- lha-1.14i/debian/patch.CVE-2007-2030.patch
+++ lha-1.14i/debian/patch.CVE-2007-2030.patch
@@ -1,6 +1,7 @@
lha-114i/src/lhadd.c
-+++ lha-114i/src/lhadd.c
-@@ -35,6 +35,8 @@ add_one(fp, nafp, hdr)
+diff -Naur lha-1.14i.orig/src/lhadd.c lha-1.14i/src/lhadd.c
+--- lha-1.14i.orig/src/lhadd.c 2000-10-04 16:57:38.0 +0200
lha-1.14i/src/lhadd.c 2007-12-01 16:29:29.0 +0100
+@@ -35,6 +35,8 @@
if ((hdr-unix_mode UNIX_FILE_SYMLINK) == UNIX_FILE_SYMLINK) {
charbuf[256], *b1, *b2;
if (!quiet) {
@@ -9,7 +10,16 @@
strcpy(buf, hdr-name);
b1 = strtok(buf, |);
b2 = strtok(NULL, |);
-@@ -211,8 +213,11 @@ find_update_files(oafp)
+@@ -108,7 +110,7 @@
+ if (symlink)
+ fp = NULL;
+ else
+- fp = xfopen(name, READ_BINARY);
++ fp = xfopen(name, READ_BINARY, 0);
+ else {
+ fp = NULL;
+ }
+@@ -211,8 +213,11 @@
add_sp(sp, hdr.name, strlen(hdr.name) + 1);
}
else if ((hdr.unix_mode UNIX_FILE_TYPEMASK) ==
UNIX_FILE_DIRECTORY) {
@@ -21,7 +31,7 @@
if (len 0 name[len - 1] == '/')
name[--len] = '\0'; /* strip tail '/' */
if (stat(name, stbuf) = 0)/* exist ? */
-@@ -237,17 +242,21 @@ delete(oafp, nafp)
+@@ -237,17 +242,21 @@
old_header_pos = ftell(oafp);
while (get_header(oafp, ahdr)) {
@@ -43,20 +53,42 @@
else { /* copy */
if (noexec) {
fseek(oafp, ahdr.packed_size, SEEK_CUR);
-@@ -276,7 +285,7 @@ build_temporary_file()
+@@ -276,7 +285,7 @@
signal(SIGHUP, interrupt);
old_umask = umask(077);
- afp = xfopen(temporary_name, WRITE_BINARY);
-+ afp = xfopen(temporary_name, ! WRITE_BINARY);
++ afp = xfopen(temporary_name, ! WRITE_BINARY, 1);
remove_temporary_at_error = TRUE;
temporary_fp = afp;
umask(old_umask);
lha-114i/src/lharc.c
-+++ lha-114i/src/lharc.c
-@@ -1005,10 +1005,18 @@ FILE *
- xfopen(name, mode)
+@@ -319,13 +328,13 @@
+ {
+ FILE *oafp, *nafp;
+
+- oafp = xfopen(temporary_name, READ_BINARY);
++ oafp = xfopen(temporary_name, READ_BINARY, 1);
+ if (!strcmp(new_archive_name, -)) {
+ nafp = stdout;
+ writting_filename = starndard output;
+ }
+ else {
+- nafp = xfopen(new_archive_name, WRITE_BINARY);
++ nafp = xfopen(new_archive_name, WRITE_BINARY, 0);
+ writting_filename = archive_name;
+ }
+ reading_filename = temporary_name;
+diff -Naur lha-1.14i.orig/src/lharc.c lha-1.14i/src/lharc.c
+--- lha-1.14i.orig/src/lharc.c 2007-12-01 16:17:19.0 +0100
lha-1.14i/src/lharc.c 2007-12-01 16:36:24.0 +0100
+@@ -1016,13 +1016,26 @@
+ }
+
+ FILE *
+-xfopen(name, mode)
++xfopen(name, mode, safe)
char *name, *mode;
++ intsafe;
{
- FILE *fp;
+ FILE *fp = NULL;
@@ -64,7 +96,11 @@
+ if (mode[0] == '!') {
+ int fd;
-+ fd = open(name, O_RDWR|O_CREAT|O_EXCL, 0600);
++ int mask = O_RDWR|O_CREAT;
++ if(safe == 0)
++ mask |= O_EXCL;
++
++ fd = open(name, mask, 0600);
+ if (fd 0 || (fp = fdopen(fd, mode + 1)) == NULL)
+ fatal_error(name);
+ } else {
@@ -74,9 +110,10 @@
return fp;
}
lha-114i/src/lhext.c
-+++ lha-114i/src/lhext.c
-@@ -360,7 +360,6 @@
Bug#446236: lha doesn't work with recent glibc upgrade in testing
Package: lha
Version: 1.14i-10.2
Severity: grave
Justification: renders package unusable
[EMAIL PROTECTED]:~$ lha c t z
LHa: Fatal error: /tmp/lhMEjFue: File exists
strace output:
[EMAIL PROTECTED]:~$ strace lha c t z
execve(/usr/bin/lha, [lha, c, t, z], [/* 18 vars */]) = 0
brk(0) = 0x805e000
uname({sys=Linux, node=fan.ossfans.org, ...}) = 0
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x4001e000
access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory)
open(/etc/ld.so.cache, O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=27649, ...}) = 0
mmap2(NULL, 27649, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4002
close(3)= 0
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory)
open(/lib/libc.so.6, O_RDONLY)= 3
read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260a\1..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1335912, ...}) = 0
mmap2(NULL, 1340944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x40027000
mmap2(0x40169000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x142) =
0x40169000
mmap2(0x4016c000, 9744, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) =
0x4016c000
close(3)= 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x4016f000
set_thread_area({entry_number:-1 - 6, base_addr:0x4016f6b0, limit:1048575,
seg_32bit:1,
contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1})
= 0
mprotect(0x40169000, 4096, PROT_READ) = 0
munmap(0x4002, 27649) = 0
brk(0) = 0x805e000
brk(0x807f000) = 0x807f000
stat64(t, 0xb104) = -1 ENOENT (No such file or directory)
stat64(t.lzh, 0xb104) = -1 ENOENT (No such file or directory)
stat64(t.lzs, 0xb104) = -1 ENOENT (No such file or directory)
gettimeofday({1192098912, 755011}, NULL) = 0
getpid()= 15631
open(/tmp/lh9Ve6h3, O_RDWR|O_CREAT|O_EXCL, 0600) = 3
rt_sigaction(SIGINT, {0x8049ee0, [INT], SA_RESTORER|SA_RESTART, 0x40051878},
{SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {0x8049ee0, [HUP], SA_RESTORER|SA_RESTART, 0x40051878},
{SIG_DFL}, 8) = 0
umask(077) = 02
open(/tmp/lh9Ve6h3, O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
write(2, LHa: Fatal error: , 18LHa: Fatal error: ) = 18
write(2, /tmp/lh9Ve6h3: File exists\n, 27/tmp/lh9Ve6h3: File exists
) = 27
exit_group(1) = ?
Process 15631 detached
That's due to mkstemp call and O_EXCL in subsequent open of the same file.
I workaround this by removing O_EXCL, but I think it is either some
problem in glibc or code in lha needs to be reworked.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Versions of packages lha depends on:
ii libc6 2.6.1-1+b1 GNU C Library: Shared libraries
lha recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
