Minor fix for CVE-2021-38185

Resolves: #1992512
Version: 2.13-14
Ondrej Dubaj 2021-08-16 11:45:53 +02:00
parent 8b24f03848
commit 362377130c
2 changed files with 18 additions and 18 deletions


@ -1,17 +1,13 @@
Subject: [PATCH]
* src/dstring.c (ds_init): Take a single argument.
(ds_free): New function. (ds_resize): Take a single argument. Use
x2nrealloc to expand the storage.
(ds_reset,ds_append,ds_concat,ds_endswith): New function. (ds_fgetstr):
Rewrite. In particular, this fixes integer overflow.
* src/dstring.h (dynamic_string): Keep both the allocated length (ds_size) and index of the
next free byte in the string (ds_idx). (ds_init,ds_resize): Change
signature. (ds_len): New macro.
(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos.
* src/copyin.c: Use new ds_ functions.
* src/copyout.c: Likewise.
* src/copypass.c: Likewise.
* src/util.c: Likewise.
Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument. (ds_free):
New function. (ds_resize): Take a single argument. Use x2nrealloc to expand
the storage. (ds_reset,ds_append,ds_concat,ds_endswith): New function.
(ds_fgetstr): Rewrite. In particular, this fixes integer overflow.
(ds_reset,ds_concat): Don't call ds_resize in a loop. * src/dstring.h
(dynamic_string): Keep both the allocated length (ds_size) and index of the
next free byte in the string (ds_idx). (ds_init,ds_resize): Change signature.
(ds_len): New macro. (ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New
protos. * src/copyin.c: Use new ds_ functions. * src/copyout.c: Likewise. *
src/copypass.c: Likewise. * src/util.c: Likewise.
---
src/copyin.c | 39 +++++++++++-----------
@ -226,7 +222,7 @@ index a5f9b7b..43bde7e 100644
/* Try and create a hard link from FILE_NAME to another file
diff --git a/src/dstring.c b/src/dstring.c
index e9c063f..290f46c 100644
index e9c063f..ae5ae86 100644
--- a/src/dstring.c
+++ b/src/dstring.c
@@ -22,6 +22,7 @@
@ -280,7 +276,7 @@ index e9c063f..290f46c 100644
+ds_reset (dynamic_string *s, size_t len)
+{
+ while (len > s->ds_size)
+ ds_resize (s);
+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ s->ds_idx = len;
+}
+
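Review bot: in ds_reset the `while (len > s->ds_size)` loop is kept and only its body changes from `ds_resize (s)` to a direct `x2nrealloc` call, so the header text "Don't call ds_resize in a loop" tells a reader what was removed but not why. A one-line comment in the function explaining why `ds_resize` is unsuitable here would keep someone from switching it back. It is also worth confirming the boundary case: the loop exits when `len == s->ds_size`, after which `s->ds_idx = len` points one past the last allocated byte, so any caller that then stores a terminator at `ds_idx` needs the buffer grown by one more byte first.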
@ -344,7 +340,7 @@ index e9c063f..290f46c 100644
+{
+ size_t len = strlen (str);
+ while (len + 1 > s->ds_size)
+ ds_resize (s);
+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
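Review bot: the growth condition in ds_concat, `while (len + 1 > s->ds_size)`, compares only the length of `str` against the buffer size and ignores `s->ds_idx`, yet the `memcpy` and the terminator store both land at offset `s->ds_idx`. When the string already holds data, `s->ds_idx + len + 1` can exceed `s->ds_size` and the copy writes past the allocation. Suggest growing until `s->ds_idx + len + 1 <= s->ds_size`, with the sum checked for wraparound, since this patch exists to close an overflow in the same file.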


@ -1,7 +1,7 @@
Summary: A GNU archiving program
Name: cpio
Version: 2.13
Release: 13%{?dist}
Release: 14%{?dist}
License: GPLv3+
URL: https://www.gnu.org/software/cpio/
Source: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
@ -55,6 +55,7 @@ Patch12: cpio-2.13-reset-gid-uid.patch
# Fixed integer overflow in ds_fgetstr()
# upstream patch (#1992512)
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
Patch13: cpio-2.13-CVE-2021-38185.patch
Provides: bundled(gnulib)
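Review bot: the comment above `Patch13` still reads "Fixed integer overflow in ds_fgetstr()" although the patch now carries a second upstream commit, the `dfc801c4...` URL added in this hunk. Suggest one more comment line saying what that commit contributes (per the patch header, the ds_reset/ds_concat resize change), so each URL is matched to the fix it brings in.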
@ -118,6 +119,9 @@ make check || {
%{_infodir}/*.info*
%changelog
* Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-14
- Minor fix for CVE-2021-38185 (#1992512)
* Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-13
- Fixed CVE-2021-38185 (#1992512)
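Review bot: the 2.13-14 changelog entry, "Minor fix for CVE-2021-38185", does not say what differs from 2.13-13, which already claims the CVE as fixed. Suggest naming the change, for example that the follow-up upstream commit for ds_reset and ds_concat was folded into the CVE patch, so someone auditing the package can tell whether 2.13-13 was an incomplete fix.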