From 8de53aeddaf1b1bb3cfa7258f4e51dbac425a421 Mon Sep 17 00:00:00 2001
From: Ondrej Vasik
Date: Wed, 10 Mar 2010 13:49:51 +0000
Subject: [PATCH] CVE-2010-0624 fix heap-based buffer overflow by expanding a specially-crafted archive(#572150)
---
 cpio-2.10-rtapeliboverflow.patch | 13 +++++++++++++
 cpio.spec | 10 +++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 cpio-2.10-rtapeliboverflow.patch
diff --git a/cpio-2.10-rtapeliboverflow.patch b/cpio-2.10-rtapeliboverflow.patch
new file mode 100644
index 0000000..99558cb
--- /dev/null
+++ b/cpio-2.10-rtapeliboverflow.patch
@@ -0,0 +1,13 @@
+diff -urNp cpio-2.10-orig/lib/rtapelib.c cpio-2.10/lib/rtapelib.c
+--- cpio-2.10-orig/lib/rtapelib.c 2010-03-10 14:41:41.000000000 +0100
++++ cpio-2.10/lib/rtapelib.c 2010-03-10 14:44:54.000000000 +0100
+@@ -580,6 +580,9 @@ rmt_read__ (int handle, char *buffer, si
+ || (status = get_status (handle)) == SAFE_READ_ERROR)
+ return SAFE_READ_ERROR;
+
++ if (status > length)
++ return SAFE_READ_ERROR;
++
+ for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+ {
+ rlen = safe_read (READ_SIDE (handle), buffer, status - counter);
diff --git a/cpio.spec b/cpio.spec
index fb5c8f3..35fb95c 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -3,7 +3,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.10
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@@ -19,6 +19,9 @@ Patch7: cpio-2.9-sys_umask.patch
 Patch8: cpio-2.9.90-defaultremoteshell.patch
 Patch9: cpio-2.10-utimens.patch
 Patch10: cpio-2.10-patternnamesigsegv.patch
+# CVE-2010-0624 fix heap-based buffer overflow by expanding
+# a specially-crafted archive(#572150)
+Patch11: cpio-2.10-rtapeliboverflow.patch
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 BuildRequires: texinfo, autoconf, gettext, rmt
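Review bot: The added `if (status > length)` guard in rmt_read__ returns SAFE_READ_ERROR but leaves the connection as it was: the remote end has already announced `status` bytes, and that payload may still be queued on the read side, so a later command on the same handle could parse stale data as its reply. Consider closing the handle and setting errno on this path, e.g. `if (status > length) { _rmt_shutdown (handle, EIO); return SAFE_READ_ERROR; }`, assuming that helper is used the same way by the other failure paths of this file, which are not visible here. A one-line comment such as `/* The count comes from the remote rmt server and is untrusted; never read more than the caller's buffer holds. */` would also record why the check exists. The declarations of `status` and `length` lie outside the hunk (the signature is cut at `si`), so it is worth confirming both are unsigned and of the same width for the comparison to be sound; the function body starts and ends outside the hunk.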
@@ -50,6 +53,7 @@ Install cpio if you need a program to manage file archives.
 %patch8 -p1 -b .defaultremote
 %patch9 -p1 -b .utimens
 %patch10 -p1 -b .patternsegv
+%patch11 -p1 -b .rtapelib
 autoheader
@@ -94,6 +98,10 @@ fi
 %{_infodir}/*.info*
 %changelog
+* Wed Mar 10 2010 Ondrej Vasik 2.10-6
+- CVE-2010-0624 fix heap-based buffer overflow by expanding
+ a specially-crafted archive(#572150)
+
 * Mon Feb 22 2010 Ondrej Vasik 2.10-5
 - fix segfault with nonexisting file with patternnames (#567022)