| From | ben@decadent.org.uk |
|---|---|
| Newsgroups | linux.debian.bugs.dist |
| Subject | Bug#904749: make-dfsg: diff for NMU version 4.2.1-1.2 |
| Date | 2018-08-02 06:50 +0200 |
| Message-ID | <widIJ-2H2-3@gated-at.bofh.it> |
| References | <wgb8l-gs-7@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Control: tags 904749 + pending
Dear maintainer,
I've prepared an NMU for make-dfsg (versioned as 4.2.1-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
diff -u make-dfsg-4.2.1/arscan.c make-dfsg-4.2.1/arscan.c
--- make-dfsg-4.2.1/arscan.c
+++ make-dfsg-4.2.1/arscan.c
@@ -414,6 +414,7 @@
# endif
#endif
char *namemap = 0;
+ int namemap_size = 0;
int desc = open (archive, O_RDONLY, 0);
if (desc < 0)
return -1;
@@ -667,10 +668,15 @@
&& namemap != 0)
{
int name_off = atoi (name + 1);
- if (name_off < 1 || name_off > ARNAME_MAX)
+ int name_len;
+
+ if (name_off < 0 || name_off >= namemap_size)
goto invalid;
name = namemap + name_off;
+ name_len = strlen (name);
+ if (name_len < 1)
+ goto invalid;
long_name = 1;
}
else if (name[0] == '#'
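Review bot: in the long-name branch, name_len is computed with strlen (name) only to test for an empty string, so "if (name[0] == '\0') goto invalid;" would do the same job without scanning the whole string or narrowing size_t to int. Separately, atoi (name + 1) returns 0 for non-numeric input, and this hunk now accepts offset 0 (name_off < 0 replaces name_off < 1), so a malformed offset is indistinguishable from a reference to the first name; strtol with an end-pointer check before the comparison against namemap_size would reject it.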
@@ -678,7 +684,8 @@
&& name[2] == '/')
{
int name_len = atoi (name + 3);
- if (name_len < 1 || name_len > ARNAME_MAX)
+
+ if (name_len < 1 || name_len > INT_MAX)
goto invalid;
name = alloca (name_len + 1);
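Review bot: the new upper bound "name_len > INT_MAX" can never be true because name_len is declared int on the line above, so the only effective check left is name_len < 1 and alloca (name_len + 1) is sized directly from the atoi (name + 3) result. With name_len == INT_MAX the expression name_len + 1 also overflows. Suggest testing against a real limit, or allocating the name on the heap where a failed allocation can be detected, instead of comparing against INT_MAX.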
@@ -747,10 +754,13 @@
char *clear;
char *limit;
- namemap = alloca (eltsize);
+ if (eltsize > INT_MAX)
+ goto invalid;
+ namemap = alloca (eltsize + 1);
EINTRLOOP (nread, read (desc, namemap, eltsize));
if (nread != eltsize)
goto invalid;
+ namemap_size = eltsize;
/* The names are separated by newlines. Some formats have
a trailing slash. Null terminate the strings for
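Review bot: the guard before alloca (eltsize + 1) only rejects eltsize > INT_MAX, so a request of up to INT_MAX + 1 bytes still goes to the stack, and alloca has no failure return to check. Suggest a much smaller cap or malloc with a matching free on the exit paths. The guard also has no lower bound: if eltsize is a signed type, a negative value passes "eltsize > INT_MAX" and reaches both alloca and read.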
@@ -765,6 +775,7 @@
clear[-1] = '\0';
}
}
+ *limit = '\0';
is_namemap = 0;
}
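Review bot: "*limit = '\0';" is added without a comment, and nothing in this hunk shows where limit points; the store is in bounds only if limit == namemap + eltsize, i.e. the spare byte from alloca (eltsize + 1). A one-line comment saying that this terminates the final name so the strlen (name) in the long-name lookup cannot run past the table would keep the two changes tied together for the next person who touches either one.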
diff -u make-dfsg-4.2.1/debian/changelog make-dfsg-4.2.1/debian/changelog
--- make-dfsg-4.2.1/debian/changelog
+++ make-dfsg-4.2.1/debian/changelog
@@ -1,3 +1,11 @@
+make-dfsg (4.2.1-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix validation of long names in archives (regression in 4.2.1-1.1)
+ (Closes: #904749)
+
+ -- Ben Hutchings <ben@decadent.org.uk> Sat, 28 Jul 2018 18:07:31 +0800
+
make-dfsg (4.2.1-1.1) unstable; urgency=medium
* Non-maintainer upload