CVE-2010-0624 fix heap-based buffer overflow by expanding a

specially-crafted archive(#572150)

cpio-2.10-rtapeliboverflow.patch

@@ -0,0 +1,13 @@
+diff -urNp cpio-2.10-orig/lib/rtapelib.c cpio-2.10/lib/rtapelib.c
+--- cpio-2.10-orig/lib/rtapelib.c	2010-03-10 14:41:41.000000000 +0100
++++ cpio-2.10/lib/rtapelib.c	2010-03-10 14:44:54.000000000 +0100
+@@ -580,6 +580,9 @@ rmt_read__ (int handle, char *buffer, si
+       || (status = get_status (handle)) == SAFE_READ_ERROR)
+     return SAFE_READ_ERROR;
+ 
++  if (status > length)
++    return SAFE_READ_ERROR;
++
+   for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+     {
+       rlen = safe_read (READ_SIDE (handle), buffer, status - counter);

cpio.spec

@@ -3,7 +3,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.10
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@@ -19,6 +19,9 @@ Patch7: cpio-2.9-sys_umask.patch
 Patch8: cpio-2.9.90-defaultremoteshell.patch
 Patch9: cpio-2.10-utimens.patch
 Patch10: cpio-2.10-patternnamesigsegv.patch
+# CVE-2010-0624 fix heap-based buffer overflow by expanding
+# a specially-crafted archive(#572150)
+Patch11: cpio-2.10-rtapeliboverflow.patch
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 BuildRequires: texinfo, autoconf, gettext, rmt
@@ -50,6 +53,7 @@ Install cpio if you need a program to manage file archives.
 %patch8  -p1 -b .defaultremote
 %patch9  -p1 -b .utimens
 %patch10 -p1 -b .patternsegv
+%patch11 -p1 -b .rtapelib
 
 autoheader
 
@@ -94,6 +98,10 @@ fi
 %{_infodir}/*.info*
 
 %changelog
+* Wed Mar 10 2010 Ondrej Vasik <ovasik@redhat.com> 2.10-6
+- CVE-2010-0624 fix heap-based buffer overflow by expanding
+  a specially-crafted archive(#572150)
+
 * Mon Feb 22 2010 Ondrej Vasik <ovasik@redhat.com> 2.10-5
 - fix segfault with nonexisting file with patternnames
   (#567022)