Partially fix CVE-2014-9112, part 5/5. Backported to 2.11. From f6a8a2cbd2d5ca40ea94900b55b845dd5ca87328 Mon Sep 17 00:00:00 2001 From: Sergey Poznyakoff Date: Thu, 11 Dec 2014 13:21:40 +0000 Subject: Fix symlink-bad-length test for 64-bit architectures. * src/util.c: Return non-zero exit code if EOF is hit prematurely. * tests/symlink-bad-length.at: Revert to original archive: there's no use testing for recovery, because that depends on the host architecture. Don't test for exit code as well (same reason). Account for eventual warning messages. --- diff --git a/src/util.c b/src/util.c index 6c483f8..39c9813 100644 --- a/src/util.c +++ b/src/util.c @@ -206,10 +206,7 @@ tape_fill_input_buffer (int in_des, int if (input_size < 0) error (1, errno, _("read error")); if (input_size == 0) - { - error (0, 0, _("premature end of file")); - exit (1); - } + error (PAXEXIT_FAILURE, 0, _("premature end of file")); input_bytes += input_size; } diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at index 4dbeaa3..e1a7093 100644 --- a/tests/symlink-bad-length.at +++ b/tests/symlink-bad-length.at @@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length]) AT_KEYWORDS([symlink-long copyout]) AT_DATA([ARCHIVE.base64], -[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk -AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA -c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA +[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv +JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF +UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
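Review bot: The two fatal paths visible in this hunk now follow different exit-status conventions: the new premature-EOF call passes `PAXEXIT_FAILURE`, while the read-error call just above it still passes the literal `1`. If that difference is not intentional, the neighbour should match, `error (PAXEXIT_FAILURE, errno, _("read error"));`. The status reported for a truncated archive also moves from the old hard-coded `exit (1)` to whatever `PAXEXIT_FAILURE` expands to (its definition is not visible here), so scripts that unpack untrusted archives and compare against a specific status are affected and the change deserves a NEWS entry. A one-line comment such as `/* error () does not return when its status argument is non-zero */` would make it clear that `input_bytes += input_size` is never reached on EOF. tape_fill_input_buffer begins outside the hunk.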
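Review bot: The replacement archive in `AT_DATA([ARCHIVE.base64], ...)` is an opaque base64 blob, with no record of how it was produced or which header field is malformed, so this CVE-2014-9112 regression fixture is hard to audit or regenerate. A comment above AT_DATA would cover it, for example `# Binary cpio archive: regular FILE (13 bytes), then symlink LINK whose stored size field is all ones, then the trailer.` That description is my reading of the encoded bytes and should be confirmed against whatever generated the archive.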
@@ -35,25 +35,30 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ]) +# The exact error message and exit status depend on the host architecture, +# therefore strderr is filtered out and error code is not checked. + +# So far the only case when cpio would exit with code 0 is when it skips +# several bytes and encounters a valid record header. Perhaps it should +# exit with code 2 (non-critical error), if at least one byte was skipped, +# but that could hurt backward compatibility. + AT_CHECK([ base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST -TZ=UTC cpio -ntv < ARCHIVE 2>stderr -rc=$? +TZ=UTC cpio -ntv < ARCHIVE 2>stderr cat stderr | grep -v \ -e 'stored filename length is out of range' \ -e 'premature end of file' \ -e 'archive header has reverse byte-order' \ -e 'memory exhausted' \ + -e 'skipped [[0-9][0-9]*] bytes of junk' \ + -e '[[0-9][0-9]*] block' \ >&2 echo >&2 STDERR -test "$rc" -ne 0 ], -[1], -[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE --rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2 -],[cpio: warning: skipped 4 bytes of junk -1 block -STDERR +[0], +[-rw-rw-r-- 1 10029 10031 13 Nov 25 11:52 FILE +],[STDERR ]) AT_CLEANUP -- cgit v0.9.0.2
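Review bot: With `rc=$?` and the closing `test` removed, the status of this AT_CHECK always comes from `echo >&2 STDERR`, so a cpio that is killed by a signal on the malformed archive is no longer caught by the exit status, only indirectly through the stdout comparison. Because this is the regression test for CVE-2014-9112, an architecture-independent guard is worth keeping: retain `rc=$?` after the cpio line and end the commands with `test "$rc" -lt 128`, which passes for any ordinary cpio exit code and fails on death by signal. The added `-e '[[0-9][0-9]*] block'` filter is unanchored and would also hide any other stderr line that happens to contain that text; matching the whole line would narrow it. The new comment also has a typo, `strderr` for `stderr`.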