Partially fix CVE-2014-9112, part 5/5. Backported to 2.11.
From f6a8a2cbd2d5ca40ea94900b55b845dd5ca87328 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org.ua>
Date: Thu, 11 Dec 2014 13:21:40 +0000
Subject: Fix symlink-bad-length test for 64-bit architectures.
* src/util.c: Return non-zero exit code if EOF is hit prematurely.
* tests/symlink-bad-length.at: Revert to original archive: there's
no use testing for recovery, because that depends on the host
architecture. Don't test for exit code as well (same reason).
Account for eventual warning messages.
---
diff --git a/src/util.c b/src/util.c
|
|
index 6c483f8..39c9813 100644
|
|
--- a/src/util.c
|
|
+++ b/src/util.c
|
|
@@ -206,10 +206,7 @@ tape_fill_input_buffer (int in_des, int
|
|
if (input_size < 0)
|
|
error (1, errno, _("read error"));
|
|
if (input_size == 0)
|
|
- {
|
|
- error (0, 0, _("premature end of file"));
|
|
- exit (1);
|
|
- }
|
|
+ error (PAXEXIT_FAILURE, 0, _("premature end of file"));
|
|
input_bytes += input_size;
|
|
}
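Review bot: The read-error branch two lines above the change still exits with a literal status, `error (1, errno, _("read error"));`, while the premature-EOF branch now uses `PAXEXIT_FAILURE`, so the two fatal paths of tape_fill_input_buffer report different exit codes unless that macro equals 1. Callers that key on cpio's status to reject a truncated or malformed archive are easier to get right if both paths agree, e.g. `error (PAXEXIT_FAILURE, errno, _("read error"));`. The removed code already called `exit (1)`, so what changes here is the status value, not whether it is non-zero, and a short comment saying so would help whoever backports this. For the 2.11 backport, confirm that the header defining `PAXEXIT_FAILURE` is included by src/util.c in that tree; the hunk does not show it, and the function begins outside the hunk.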
|
|
|
|
diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
|
|
index 4dbeaa3..e1a7093 100644
|
|
--- a/tests/symlink-bad-length.at
|
|
+++ b/tests/symlink-bad-length.at
|
|
@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length])
|
|
AT_KEYWORDS([symlink-long copyout])
|
|
|
|
AT_DATA([ARCHIVE.base64],
|
|
-[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk
|
|
-AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA
|
|
-c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA
|
|
+[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
|
|
+JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
|
|
+UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
@@ -35,25 +35,30 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
|
|
])
|
|
|
|
+# The exact error message and exit status depend on the host architecture,
|
|
+# therefore strderr is filtered out and error code is not checked.
|
|
+
|
|
+# So far the only case when cpio would exit with code 0 is when it skips
|
|
+# several bytes and encounters a valid record header. Perhaps it should
|
|
+# exit with code 2 (non-critical error), if at least one byte was skipped,
|
|
+# but that could hurt backward compatibility.
|
|
+
|
|
AT_CHECK([
|
|
base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
|
|
-TZ=UTC cpio -ntv < ARCHIVE 2>stderr
|
|
-rc=$?
|
|
+TZ=UTC cpio -ntv < ARCHIVE 2>stderr
|
|
cat stderr | grep -v \
|
|
-e 'stored filename length is out of range' \
|
|
-e 'premature end of file' \
|
|
-e 'archive header has reverse byte-order' \
|
|
-e 'memory exhausted' \
|
|
+ -e 'skipped [[0-9][0-9]*] bytes of junk' \
|
|
+ -e '[[0-9][0-9]*] block' \
|
|
>&2
|
|
echo >&2 STDERR
|
|
-test "$rc" -ne 0
|
|
],
|
|
-[1],
|
|
-[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE
|
|
--rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2
|
|
-],[cpio: warning: skipped 4 bytes of junk
|
|
-1 block
|
|
-STDERR
|
|
+[0],
|
|
+[-rw-rw-r-- 1 10029 10031 13 Nov 25 11:52 FILE
|
|
+],[STDERR
|
|
])
|
|
|
|
AT_CLEANUP
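Review bot: With `rc=$?` and `test "$rc" -ne 0` removed, the status that AT_CHECK compares against `[0]` is that of the trailing `echo >&2 STDERR`, so the test no longer observes how cpio terminated on the bad symlink length. An architecture-independent check is still possible: keep `rc=$?` after the cpio line and end the script with `test "$rc" -lt 128`, which accepts any ordinary exit status but fails if cpio was killed by a signal, presumably the outcome this regression test exists to catch. Whether a shell's crash message would already break the expected-stderr match depends on the shell, so it should not be relied on. The added comment also has a typo, `strderr` for `stderr`.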
--
cgit v0.9.0.2