Author: jwrdegoede
Update of /cvs/nonfree/rpms/lha/devel
In directory se02.es.rpmfusion.net:/tmp/cvs-serv32311/devel
Modified Files:
.cvsignore sources
Added Files:
lha-1.14i-dir_length_bounds_check.patch lha-1.14i-malloc.patch
lha-1.14i-sec.patch lha-1.14i-sec2.patch
lha-1.14i-symlink.patch lha.spec
Log Message:
initial lha import
lha-1.14i-dir_length_bounds_check.patch:
--- NEW FILE lha-1.14i-dir_length_bounds_check.patch ---
--- lha-114i.orig/src/header.c 2002-07-19 17:23:58.000000000 +0900
+++ lha-114i/src/header.c 2004-06-16 09:49:23.000000000 +0900
@@ -648,8 +648,17 @@
}
if (dir_length) {
+ if ((dir_length + name_length) > sizeof(dirname)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
strcat(dirname, hdr->name);
- strcpy(hdr->name, dirname);
+
+ if ((dir_length + name_length) > sizeof(hdr->name)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
+ strncpy(hdr->name, dirname, sizeof(hdr->name));
name_length += dir_length;
}
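Review bot: Both new bounds checks compare with `>`, which still admits the case where `dir_length + name_length` equals the buffer size. In that case strcat() writes its terminating NUL one byte past `dirname`, and `strncpy(hdr->name, dirname, sizeof(hdr->name))` fills `hdr->name` without terminating it. Use `>=` in both tests, e.g. `if ((dir_length + name_length) >= sizeof(hdr->name)) {`. This assumes the two variables hold the current string lengths of `dirname` and `hdr->name`; their declarations and the rest of the function are outside the hunk.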
lha-1.14i-malloc.patch:
--- NEW FILE lha-1.14i-malloc.patch ---
--- lha-114i/src/lha.h.orig 2004-05-19 19:24:19.000000000 -0400
+++ lha-114i/src/lha.h 2004-05-19 19:23:19.000000000 -0400
@@ -16,6 +16,7 @@
#include <sys/types.h>
#include <sys/file.h>
#include <sys/stat.h>
+#include <malloc.h>
#include <signal.h>
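Review bot: `<malloc.h>` is a non-standard header that some platforms do not ship; the portable way to get a prototype for malloc() is `#include <stdlib.h>`. If the intent is to stop malloc() from being implicitly declared as returning int (which truncates pointers on 64-bit targets), `<stdlib.h>` covers that case as well. Whether lha.h already includes `<stdlib.h>` under some configuration macro cannot be seen from this hunk.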
lha-1.14i-sec.patch:
--- NEW FILE lha-1.14i-sec.patch ---
--- lha-114i/src/header.c.orig 2000-10-05 19:36:03.000000000 +0200
+++ lha-114i/src/header.c 2004-04-21 14:30:52.000000000 +0200
@@ -538,6 +538,10 @@
/*
* filename
*/
+ if (header_size >= 256) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
+ exit(109);
+ }
for (i = 0; i < header_size - 3; i++)
hdr->name[i] = (char) get_byte();
hdr->name[header_size - 3] = '\0';
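Review bot: The added test bounds `header_size` only from above, yet the context lines index with `header_size - 3`. For a value below 3 that expression is negative (or wraps, if the variable is unsigned; its declaration is outside the hunk), so `hdr->name[header_size - 3] = '\0'` lands outside the array. Extending the guard to `if (header_size < 3 || header_size >= 256) {` would close this, and `sizeof(hdr->name)` would keep the limit tied to the buffer better than the literal 256. The directory hunk that follows has the same gap with `FILENAME_LENGTH` and `dirname`.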
@@ -547,6 +551,10 @@
/*
* directory
*/
+ if (header_size >= FILENAME_LENGTH) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
+ exit(110);
+ }
for (i = 0; i < header_size - 3; i++)
dirname[i] = (char) get_byte();
dirname[header_size - 3] = '\0';
--- lha-114i/src/lhext.c.orig 2000-10-04 16:57:38.000000000 +0200
+++ lha-114i/src/lhext.c 2004-04-21 14:30:52.000000000 +0200
@@ -190,8 +190,13 @@
q = (char *) rindex(hdr->name, '/') + 1;
}
else {
+ if (is_directory_traversal(q)) {
+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
+ exit(111);
+ }
+
if (*q == '/') {
- q++;
+ while (*q == '/') { q++; }
/*
* if OSK then strip device name
*/
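Review bot: `is_directory_traversal()` is called here but defined only near the end of lhext.c (the next hunk), and this patch adds no prototype, so the call relies on an implicit declaration. Add `int is_directory_traversal(char *string);` ahead of extract_one, or move the definition above it, unless a header not shown here already declares it. Note also that `q` is printed to stderr unmodified; since it comes from the archive, consider filtering non-printable bytes before echoing it. The enclosing function starts and ends outside the hunk.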
@@ -419,6 +424,33 @@
return;
}
+int
+is_directory_traversal(char *string)
+{
+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
+ char *temp;
+
+ temp = string;
+
+ while (*temp != 0) {
+ if (temp[0] == '/') {
+ if (type == 1) { return 1; }
+ type = 0;
+ temp++;
+ continue;
+ }
+
+ if ((temp[0] == '.') && (type < 2))
+ type = 1;
+ if (temp[0] != '.')
+ type = 2;
+
+ temp++;
+ } /* while */
+
+ return (type == 1);
+}
+
/* Local Variables: */
/* mode:c */
/* tab-width:4 */
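Review bot: `is_directory_traversal()` has no comment stating its contract, and the contract is broader than the name suggests. Any '/'-separated component made only of dots returns 1, so `.` and `...` are treated like `..`, and the caller then exits with status 111 on an entry such as `./file`. If that strictness is intended, record it in a header comment, for example `/* Returns 1 if any '/'-separated component of string consists solely of '.' characters (".", "..", "..." alike), else 0. */`. The parameter is never written through and can be declared `const char *string`.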
lha-1.14i-sec2.patch:
--- NEW FILE lha-1.14i-sec2.patch ---
diff -urNp lha-114i.orig/src/lha_macro.h lha-114i/src/lha_macro.h
--- lha-114i.orig/src/lha_macro.h 2004-08-03 15:53:56.000000000 -0500
+++ lha-114i/src/lha_macro.h 2004-08-03 15:54:05.000000000 -0500
@@ -53,7 +53,7 @@
#define SEEK_SET 0
#define SEEK_CUR 1
#define SEEK_END 2
-#endif /* SEEK_SET
+#endif /* SEEK_SET */
/* non-integral functions */
diff -urNp lha-114i.orig/src/lharc.c lha-114i/src/lharc.c
--- lha-114i.orig/src/lharc.c 2004-08-03 15:53:56.000000000 -0500
+++ lha-114i/src/lharc.c 2004-08-03 15:54:05.000000000 -0500
@@ -830,9 +830,10 @@ find_files(name, v_filec, v_filev)
DIRENTRY *dp;
struct stat tmp_stbuf, arc_stbuf, fil_stbuf;
- strcpy(newname, name);
+ strncpy(newname, name, sizeof(newname));
+ newname[sizeof(newname)-1] = 0;
len = strlen(name);
- if (len > 0 && newname[len - 1] != '/')
+ if (len > 0 && newname[len - 1] != '/' && len <
(sizeof(newname)-1))
newname[len++] = '/';
dirp = opendir(name);
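Review bot: `len` is still taken from `name` rather than from the truncated copy, so when `name` is longer than the buffer `newname[len - 1]` is read past the end of `newname`. The new `len < (sizeof(newname)-1)` test comes last in the `&&` chain and is evaluated only after that read. Computing the length from the copy, `len = strlen(newname);`, keeps both the read and the later `newname[len++] = '/'` inside the array. The body of find_files continues outside the hunk.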
@@ -846,6 +847,11 @@ find_files(name, v_filec, v_filev)
for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
n = NAMLEN(dp);
+ if (len >= (sizeof(newname)-1) ||
+ (len+n) >= (sizeof(newname)-1) ||
+ n <= 0 ||
+ (len+n) <= 0)
+ break;
strncpy(newname + len, dp->d_name, n);
newname[len + n] = '\0';
if (GETSTAT(newname, &fil_stbuf) < 0)
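Review bot: The `break` ends the whole directory scan as soon as one entry name does not fit, so every entry that readdir() would have returned afterwards is silently left out of the file list. For the per-entry conditions (`(len+n) >= (sizeof(newname)-1)`, `n <= 0`) a `continue`, preferably with a warning naming the skipped entry, is the safer response. The `len >= (sizeof(newname)-1)` condition cannot change inside the loop and could be tested once before it. The loop body continues outside the hunk.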
@@ -903,7 +909,8 @@ build_temporary_name()
strcpy(temporary_name, TMP_FILENAME_TEMPLATE);
}
else {
- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory);
+ snprintf(temporary_name, sizeof(temporary_name),
+ "%s/lhXXXXXX", extract_directory);
}
#ifdef MKSTEMP
mkstemp(temporary_name);
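Review bot: The result of snprintf() is discarded, so a long `extract_directory` silently truncates `temporary_name`, possibly cutting into the `XXXXXX` suffix that mkstemp() requires; the mkstemp() call on the context line does not check its return value either. Compare the result with the buffer size and fail loudly, e.g. `if (n < 0 || (size_t)n >= sizeof(temporary_name))` followed by an error exit. The same silent truncation applies to the two open_old_archive hunks below, where a name without its `.lzh`/`.lzs` suffix would be opened. It applies as well to the lhext.c hunks in make_parent_path and extract_one (-212), where a file or directory would be created under a name different from the one stored in the archive.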
@@ -913,10 +920,16 @@ build_temporary_name()
#else
char *p, *s;
- strcpy(temporary_name, archive_name);
+ strncpy(temporary_name, archive_name, sizeof(temporary_name));
+ temporary_name[sizeof(temporary_name)-1] = 0;
for (p = temporary_name, s = (char *) 0; *p; p++)
if (*p == '/')
s = p;
+
+ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1
+ <= strlen("lhXXXXXX"))
+ exit(-1);
+
strcpy((s ? s + 1 : temporary_name), "lhXXXXXX");
#ifdef MKSTEMP
mkstemp(temporary_name);
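Review bot: The new size test computes `s - temporary_name` even when `s` is still the null pointer, which is the case whenever `archive_name` contains no '/'. That subtraction is undefined and the resulting size is meaningless, although the strcpy() below handles a null `s` through its ternary. Derive the destination first and test against it: `char *base = s ? s + 1 : temporary_name;` then `if (sizeof(temporary_name) - (size_t)(base - temporary_name) <= strlen("lhXXXXXX"))`. An error message before `exit(-1)` would also help, since the other added checks in this patch set print one.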
@@ -1052,7 +1065,8 @@ open_old_archive()
if (open_old_archive_1(archive_name, &fp))
return fp;
- sprintf(expanded_archive_name, "%s.lzh", archive_name);
+ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+ "%s.lzh", archive_name);
if (open_old_archive_1(expanded_archive_name, &fp)) {
archive_name = expanded_archive_name;
return fp;
@@ -1061,7 +1075,8 @@ open_old_archive()
* if ( (errno&0xffff)!=E_PNNF ) { archive_name =
* expanded_archive_name; return NULL; }
*/
- sprintf(expanded_archive_name, "%s.lzs", archive_name);
+ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+ "%s.lzs", archive_name);
if (open_old_archive_1(expanded_archive_name, &fp)) {
archive_name = expanded_archive_name;
return fp;
diff -urNp lha-114i.orig/src/lhext.c lha-114i/src/lhext.c
--- lha-114i.orig/src/lhext.c 2004-08-03 15:53:56.000000000 -0500
+++ lha-114i/src/lhext.c 2004-08-03 15:55:40.000000000 -0500
@@ -82,7 +82,8 @@ make_parent_path(name)
register char *p;
/* make parent directory name into PATH for recursive call */
- strcpy(path, name);
+ memset(path, 0, sizeof(path));
+ strncpy(path, name, sizeof(path)-1);
for (p = path + strlen(path); p > path; p--)
if (p[-1] == '/') {
*--p = '\0';
@@ -212,9 +213,11 @@ extract_one(afp, hdr)
}
if (extract_directory)
- sprintf(name, "%s/%s", extract_directory, q);
- else
- strcpy(name, q);
+ snprintf(name, sizeof(name), "%s/%s", extract_directory, q);
+ else {
+ strncpy(name, q, sizeof(name));
+ name[sizeof(name) - 1] = '\0';
+ }
/* LZHDIRS_METHOD�����ĥإå��������å����� */
@@ -335,7 +338,8 @@ extract_one(afp, hdr)
if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_SYMLINK) {
char buf[256], *bb1, *bb2;
int l_code;
- strcpy(buf, name);
+ strncpy(buf, name, sizeof(buf));
+ buf[sizeof(buf)-1] = 0;
bb1 = strtok(buf, "|");
bb2 = strtok(NULL, "|");
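Review bot: Neither strtok() result is checked before use, and the patch leaves that as it was. `bb2` is NULL when the name holds no `|`, and `bb1` is NULL when it is empty or holds only `|`. A guard right after the two calls, such as `if (bb1 == NULL || bb2 == NULL) { warning("Can't make Symbolic Link", name); return; }`, would prevent passing a null pointer on to printf() and symlink() further down. The lhlist.c hunk in list_one has the same pattern, with `b1`/`b2` going straight into `printf(" %s -> %s", b1, b2)`. Whether header parsing guarantees a `|` for symlink entries is not visible from here.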
@@ -365,9 +369,10 @@ extract_one(afp, hdr)
if (quiet != TRUE) {
printf("Symbolic Link %s -> %s\n", bb1, bb2);
}
- strcpy(name, bb1); /* Symbolic's name set */
+ strncpy(name, bb1, 255); /* Symbolic's name set */
+ name[255] = 0;
#else
- sprintf(buf, "%s -> %s", bb1, bb2);
+ sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2);
warning("Can't make Symbolic Link", buf);
return;
#endif
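Review bot: The replacement line `sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2);` still calls sprintf, so the size is passed where the format string is expected; it needs to be `snprintf`. Even with that fixed, `bb1` and `bb2` were produced by strtok() on `buf` in the previous hunk and point into it, so source and destination overlap, which is undefined; format into a separate local array instead. This is the `#else` branch, so it may not be compiled on the packaged platform. In the first branch, `strncpy(name, bb1, 255); name[255] = 0;` hard-codes a size where the -212 hunk uses `sizeof(name)`.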
diff -urNp lha-114i.orig/src/lhlist.c lha-114i/src/lhlist.c
--- lha-114i.orig/src/lhlist.c 2004-08-03 15:53:56.000000000 -0500
+++ lha-114i/src/lhlist.c 2004-08-03 15:54:05.000000000 -0500
@@ -250,7 +250,8 @@ list_one(hdr)
printf(" %s", hdr->name);
else {
char buf[256], *b1, *b2;
- strcpy(buf, hdr->name);
+ strncpy(buf, hdr->name, sizeof(buf));
+ buf[sizeof(buf)-1] = 0;
b1 = strtok(buf, "|");
b2 = strtok(NULL, "|");
printf(" %s -> %s", b1, b2);
diff -urNp lha-114i.orig/src/util.c lha-114i/src/util.c
--- lha-114i.orig/src/util.c 2004-08-03 15:53:56.000000000 -0500
+++ lha-114i/src/util.c 2004-08-03 15:54:05.000000000 -0500
@@ -276,21 +276,27 @@ rmdir(path)
char *path;
{
int stat, rtn = 0;
- char *cmdname;
- if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1))
- == 0)
+ pid_t child;
+
+
+ /* XXX thomas: shell meta chars in path could exec commands */
+ /* therefore we should avoid using system() */
+ if ((child = fork()) < 0)
+ return (-1); /* fork error */
+ else if (child) { /* parent process */
+ while (child != wait(&stat)) /* ignore signals */
+ continue;
+ }
+ else { /* child process */
+ execl(RMDIRPATH, "rmdir", path, (char *) 0);
+ /* never come here except execl is error */
return (-1);
- strcpy(cmdname, RMDIRPATH);
- *(cmdname + strlen(RMDIRPATH)) = ' ';
- strcpy(cmdname + strlen(RMDIRPATH) + 1, path);
- if ((stat = system(cmdname)) < 0)
- rtn = -1; /* fork or exec error */
- else if (stat) { /* RMDIR command error */
- errno = EIO;
- rtn = -1;
}
- free(cmdname);
- return (rtn);
+ if (stat != 0) {
+ errno = EIO; /* cannot get error num. */
+ return (-1);
+ }
+ return (0);
}
/* ------------------------------------------------------------------------ */
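Review bot: When execl() fails, the child executes `return (-1)` and so returns into the caller's code, leaving a second copy of the program running with the parent's state; it should terminate with `_exit()` instead. The parent loop `while (child != wait(&stat))` never ends if wait() returns -1, and the raw status is compared with 0 instead of being decoded with the `WIFEXITED`/`WEXITSTATUS` macros. `rtn` is now unused. The sketch below assumes `<sys/wait.h>` and `errno` are available in util.c, which the hunk does not show.
```c
	/* … unchanged: declarations of stat and child, comment about system() … */
	if ((child = fork()) < 0)
		return (-1);		/* fork error */
	if (child == 0) {		/* child process */
		execl(RMDIRPATH, "rmdir", path, (char *) 0);
		_exit(127);		/* exec failed: never return into the caller */
	}
	while (waitpid(child, &stat, 0) < 0) {
		if (errno != EINTR)
			return (-1);	/* child cannot be waited for */
	}
	if (!WIFEXITED(stat) || WEXITSTATUS(stat) != 0) {
		errno = EIO;		/* cannot get error num. */
		return (-1);
	}
	return (0);
```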
lha-1.14i-symlink.patch:
--- NEW FILE lha-1.14i-symlink.patch ---
--- lha-114i/src/lhext.c.symlink 2000-10-04 10:57:38.000000000 -0400
+++ lha-114i/src/lhext.c 2003-05-19 22:55:57.000000000 -0400
@@ -351,6 +351,7 @@ extract_one(afp, hdr)
}
unlink(bb1);
+ make_parent_path(bb1);
l_code = symlink(bb2, bb1);
if (l_code < 0) {
if (quiet != TRUE)
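Review bot: `bb2`, the link target taken from the archive entry, reaches `symlink(bb2, bb1)` without any validation visible in these lines, and the added `make_parent_path(bb1)` call now also creates directories from archive-supplied text. Consider refusing absolute targets and targets containing `..` components before the symlink() call, for instance by applying the `is_directory_traversal()` check that lha-1.14i-sec.patch introduces for `q` to `bb2` as well in a follow-up patch. Whether the existing check on `q` already covers the target part cannot be determined from this hunk. extract_one starts and ends outside the hunk.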
--- NEW FILE lha.spec ---
Name: lha
Version: 1.14i
Release: 20%{?dist}
Summary: Archiving and compression utility for LHarc/lha/lzh archives
Group: Applications/Archiving
License: Distributable
URL:
http://www2m.biglobe.ne.jp/~dolphin/lha/prog/
Source0:
http://www2m.biglobe.ne.jp/~dolphin/%{name}/prog/%{name}-114i.tar.gz
Patch0: lha-1.14i-symlink.patch
Patch1: lha-1.14i-malloc.patch
Patch2: lha-1.14i-sec.patch
Patch3: lha-1.14i-dir_length_bounds_check.patch
Patch4: lha-1.14i-sec2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%description
LHA is an archiving and compression utility for LHarc/lha/lzh format archives.
%prep
%setup -qn lha-114i
%patch0 -p1 -b .symlink
%patch1 -p1 -b .malloc
# security fixes
%patch2 -p1 -b .sec
%patch3 -p1 -b .sec
%patch4 -p1 -b .sec
# Rename doc files to better represent encoding which is EUC (jp)
mv change-114e.txt change-114e.euc
mv change-114g.txt change-114g.euc
mv change-114h.txt change-114h.euc
mv change-114i.txt change-114i.euc
%build
make %{?_smp_mflags} OPTIMIZE="%{optflags} -DSUPPORT_LH7 -DMKSTEMP"
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_bindir}
install -m0755 src/lha %{buildroot}%{_bindir}
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc change-114* CHANGES.euc PROBLEMS.euc README.euc
%{_bindir}/lha
%changelog
* Sun Jan 14 2007 Ian Chapman <packages(a)amiga-hardware.com> 1.14i-20%{?dist}
- Initial dribble release
- Aesthetic spec clean-ups for publishing in dribble
- Use %%{?_smp_mflags}
- Use %%{optflags}
- Changed the description (it's saner IMHO)
- Include changelogs
- Dropped MACHINES*, useless to end user
- Changed license field from freeware to distributable
* Fri Feb 10 2006 Jesse Keating <jkeating(a)redhat.com> - 1.14i-19.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating(a)redhat.com> - 1.14i-19.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating(a)redhat.com>
- rebuilt
* Sat Mar 05 2005 Than Ngo <than(a)redhat.com> 1.14i-19
- rebuilt
* Wed Feb 09 2005 Than Ngo <than(a)redhat.com> 1.14i-18
- rebuilt
* Fri Sep 10 2004 Than Ngo <than(a)redhat.com> 1.14i-17
- security vulnerabilities CAN-2004-0769, CAN-2004-0771, CAN-2004-0694, CAN-2004-0745
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Fri May 21 2004 Than Ngo <than(a)redhat.com> 1.14i-15
- fix segmentation fault on ia64
* Wed May 05 2004 Than Ngo <than(a)redhat.com> 1.14i-14
- fix security vulnerabilities, CAN-2004-0234, CAN-2004-0235
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Wed Jun 04 2003 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Tue May 20 2003 Than Ngo <than(a)redhat.com> 1.14i-11
- add patch file from Matt Wilson, bug #91206
* Wed Jan 22 2003 Tim Powers <timp(a)redhat.com>
- rebuilt
* Wed Dec 11 2002 Tim Powers <timp(a)redhat.com> 1.14i-8
- rebuild on all arches
* Fri Jun 21 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Wed Jun 19 2002 Than Ngo <than(a)redhat.com> 1.14i-6
- don't forcibly strip binaries
* Thu May 23 2002 Tim Powers <timp(a)redhat.com>
- automated rebuild
* Wed Feb 27 2002 Than Ngo <than(a)redhat.com> 1.14i-4
- rebuild
* Tue Jan 29 2002 Than Ngo <than(a)redhat.com> 1.14i-3
- rebuild in rawhide
* Tue Sep 25 2001 Than Ngo <than(a)redhat.com> 1.14i-1
- update to 1.14i (bug #52779)
* Mon May 21 2001 Tim Powers <timp(a)redhat.com>
- rebuilt for the distro
* Mon Jul 24 2000 Prospector <prospector(a)redhat.com>
- rebuilt
* Wed Jul 12 2000 Than Ngo <than(a)redhat.de>
- rebuilt
* Mon Jul 03 2000 Prospector <bugzilla(a)redhat.com>
- automatic rebuild
* Fri May 12 2000 Tim Powers <timp(a)redhat.com>
- rebuilt for Powertools-7.0
* Wed Jan 19 2000 Bill Nottingham <notting(a)redhat.com>
- add some more docs
* Sun Mar 21 1999 Cristian Gafton <gafton(a)redhat.com>
- auto rebuild in the new build environment (release 11)
* Tue Jan 24 1999 Michael Maher <mike(a)redhat.com>
- this package will never change.
- changed groups
* Thu Dec 17 1998 Michael Maher <mike(a)redhat.com>
- built package for 6.0
* Wed Sep 23 1998 Jeff Johnson <jbj(a)redhat.com>
- add english doco.
* Sat Aug 15 1998 Jeff Johnson <jbj(a)redhat.com>
- build root
* Mon Apr 27 1998 Prospector System <bugs(a)redhat.com>
- translations modified for de, fr, tr
* Tue Oct 21 1997 Donnie Barnes <djb(a)redhat.com>
- removed man page, wasn't ASCII and caused more harm than good
- spec file cleanups
* Thu Jul 10 1997 Erik Troan <ewt(a)redhat.com>
- built against glibc
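Review bot: `%patch2`, `%patch3` and `%patch4` all use the backup suffix `-b .sec`, although they touch overlapping files (src/header.c in Patch2 and Patch3, src/lhext.c in Patch2 and Patch4). The later backups would therefore replace the earlier ones, and the saved `.sec` files no longer hold the pre-patch source. Giving each patch its own suffix, e.g. `%patch3 -p1 -b .bounds` and `%patch4 -p1 -b .sec2`, keeps the backups usable for regenerating or auditing the individual security patches.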
Index: .cvsignore
===================================================================
RCS file: /cvs/nonfree/rpms/lha/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore 1 Jun 2008 15:44:11 -0000 1.1
+++ .cvsignore 24 Jul 2008 09:47:12 -0000 1.2
@@ -0,0 +1 @@
+lha-114i.tar.gz
Index: sources
===================================================================
RCS file: /cvs/nonfree/rpms/lha/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources 1 Jun 2008 15:44:11 -0000 1.1
+++ sources 24 Jul 2008 09:47:12 -0000 1.2
@@ -0,0 +1 @@
+5225884d557b91f04124693e2c5c9e94 lha-114i.tar.gz