Minor fix for CVE-2021-38185

Resolves: #1992512
Version: 2.13-14

cpio-2.13-CVE-2021-38185.patch

@@ -1,17 +1,13 @@
-Subject: [PATCH]  
+Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument. (ds_free):
-* src/dstring.c (ds_init): Take a single argument.
+ New function. (ds_resize): Take a single argument.  Use x2nrealloc to expand
- (ds_free):  New function. (ds_resize): Take a single argument.  Use
+ the storage. (ds_reset,ds_append,ds_concat,ds_endswith): New function.
- x2nrealloc to expand  the storage.
+ (ds_fgetstr): Rewrite.  In particular, this fixes integer overflow.
- (ds_reset,ds_append,ds_concat,ds_endswith): New function.  (ds_fgetstr):
+ (ds_reset,ds_concat): Don't call ds_resize in a loop. * src/dstring.h
- Rewrite.  In particular, this fixes integer overflow.  
+ (dynamic_string): Keep both the allocated length (ds_size) and index of the
-* src/dstring.h (dynamic_string): Keep both the allocated length (ds_size) and  index of the
+ next free byte in the string (ds_idx). (ds_init,ds_resize): Change signature.
- next free byte in the string (ds_idx). (ds_init,ds_resize):  Change
+ (ds_len): New macro. (ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New
- signature. (ds_len): New macro. 
+ protos. * src/copyin.c: Use new ds_ functions. * src/copyout.c: Likewise. *
- (ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos.  
+ src/copypass.c: Likewise. * src/util.c: Likewise.
-* src/copyin.c: Use new ds_ functions.  
-* src/copyout.c: Likewise.  
-* src/copypass.c: Likewise.  
-* src/util.c: Likewise.
 
 ---
  src/copyin.c   | 39 +++++++++++-----------
@@ -226,7 +222,7 @@ index a5f9b7b..43bde7e 100644
  
  /* Try and create a hard link from FILE_NAME to another file 
 diff --git a/src/dstring.c b/src/dstring.c
-index e9c063f..290f46c 100644
+index e9c063f..ae5ae86 100644
 --- a/src/dstring.c
 +++ b/src/dstring.c
 @@ -22,6 +22,7 @@
@@ -280,7 +276,7 @@ index e9c063f..290f46c 100644
 +ds_reset (dynamic_string *s, size_t len)
 +{
 +  while (len > s->ds_size)
-+    ds_resize (s);
++    s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
 +  s->ds_idx = len;
 +}
 +
@@ -344,7 +340,7 @@ index e9c063f..290f46c 100644
 +{
 +  size_t len = strlen (str);
 +  while (len + 1 > s->ds_size)
-+    ds_resize (s);
++    s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
 +  memcpy (s->ds_string + s->ds_idx, str, len);
 +  s->ds_idx += len;
 +  s->ds_string[s->ds_idx] = 0;

cpio.spec

@@ -1,7 +1,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.13
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv3+
 URL: https://www.gnu.org/software/cpio/
 Source: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
@@ -55,6 +55,7 @@ Patch12: cpio-2.13-reset-gid-uid.patch
 # Fixed integer overflow in ds_fgetstr()
 # upstream patch (#1992512)
 # https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
+# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
 Patch13: cpio-2.13-CVE-2021-38185.patch
 
 Provides: bundled(gnulib)
@@ -118,6 +119,9 @@ make check || {
 %{_infodir}/*.info*
 
 %changelog
+* Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-14
+- Minor fix for CVE-2021-38185 (#1992512)
+
 * Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-13
 - Fixed CVE-2021-38185 (#1992512)