From f09faea26203eb9f546d932927ab25142b8196ae Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sun, 30 Oct 2005 05:32:24 +0000 Subject: rename patches --- app-arch/lha/Manifest | 29 ++- .../files/lha-114i-dir_length_bounds_check.patch | 20 +++ app-arch/lha/files/lha-114i-lhext.diff | 18 -- app-arch/lha/files/lha-114i-malloc.patch | 4 +- app-arch/lha/files/lha-114i-sec.patch | 75 ++++++++ app-arch/lha/files/lha-114i-sec2.patch | 191 ++++++++++++++++++++ app-arch/lha/files/lha-114i-symlink.patch | 4 +- app-arch/lha/files/lha-114i.diff | 75 -------- app-arch/lha/files/lha-command_buffer.patch | 196 --------------------- .../lha/files/lha-dir_length_bounds_check.patch | 20 --- 10 files changed, 300 insertions(+), 332 deletions(-) create mode 100644 app-arch/lha/files/lha-114i-dir_length_bounds_check.patch delete mode 100644 app-arch/lha/files/lha-114i-lhext.diff create mode 100644 app-arch/lha/files/lha-114i-sec.patch create mode 100644 app-arch/lha/files/lha-114i-sec2.patch delete mode 100644 app-arch/lha/files/lha-114i.diff delete mode 100644 app-arch/lha/files/lha-command_buffer.patch delete mode 100644 app-arch/lha/files/lha-dir_length_bounds_check.patch (limited to 'app-arch/lha') diff --git a/app-arch/lha/Manifest b/app-arch/lha/Manifest index 9ab6114c5b09..a68755868ef9 100644 --- a/app-arch/lha/Manifest +++ b/app-arch/lha/Manifest @@ -1,19 +1,10 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -MD5 6eab62e027b7cb0d4a0c6cc8275bac28 lha-114i-r4.ebuild 1096 -MD5 e0293e04e38f2dce108fdd9da4c3f0f6 ChangeLog 2725 -MD5 0ca54fececc10dcda9d3e9f649102c78 files/digest-lha-114i-r4 59 -MD5 928b60b965833353acc7d99b063b9f29 files/lha-114i-malloc.patch 257 -MD5 ff83fd8d0be0194387cb243d91100e61 files/lha-dir_length_bounds_check.patch 556 -MD5 7e87f643ac65634d0b934b7bfcd6a8cb files/lha-114i.diff 1721 -MD5 aecad116178774c3d84d2776e099639a files/lha-command_buffer.patch 6437 -MD5 414d7156c3bc01a95a10ee240e3e8535 files/lha-114i-symlink.patch 308 -MD5 9c4e9404173fd5897d3736e33c909b81 files/lha-114i-lhext.diff 513 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.2 (GNU/Linux) - -iD8DBQFDDlOqgIKl8Uu19MoRAkw6AJ4rkWFkiPmwyCHBsmGCpQHnxDoR3gCggHO6 -uDVqET6+CywuoSSTrDszMbo= -=zakb ------END PGP SIGNATURE----- +MD5 e470eb5963d8ee09bfd2727eeb56bba2 ChangeLog 3054 +MD5 0ca54fececc10dcda9d3e9f649102c78 files/digest-lha-114i-r5 59 +MD5 2be58a222a07490e0347f138f65c97d4 files/lha-114i-build.patch 1341 +MD5 bf52f3a88c9f88cdbaadda926050333e files/lha-114i-detect-cmd-extract-fail.patch 3151 +MD5 de7e57548c17115a6a39b8cb5f88234d files/lha-114i-dir_length_bounds_check.patch 502 +MD5 254ee5496c0968b19e8e1a20c3b90289 files/lha-114i-malloc.patch 180 +MD5 a1ef659783bc7224c48dbc07cf436788 files/lha-114i-sec.patch 1621 +MD5 f44e42e6131c63f0e2e67e49732b6e57 files/lha-114i-sec2.patch 5754 +MD5 d409c5c0a2b75a477e7baa7ebc62a559 files/lha-114i-symlink.patch 228 +MD5 87f8394a1eaec58d059d1283e326daac lha-114i-r5.ebuild 1107 diff --git a/app-arch/lha/files/lha-114i-dir_length_bounds_check.patch b/app-arch/lha/files/lha-114i-dir_length_bounds_check.patch new file mode 100644 index 000000000000..78543673b982 --- /dev/null +++ b/app-arch/lha/files/lha-114i-dir_length_bounds_check.patch @@ -0,0 +1,20 @@ +--- lha-114i/src/header.c ++++ lha-114i/src/header.c +@@ -648,8 +648,17 @@ + } + + if (dir_length) { ++ if ((dir_length + name_length) > sizeof(dirname)) { ++ fprintf(stderr, "Insufficient buffer size\n"); ++ exit(112); ++ } + strcat(dirname, hdr->name); +- strcpy(hdr->name, dirname); ++ ++ if ((dir_length + name_length) > sizeof(hdr->name)) { ++ fprintf(stderr, "Insufficient buffer size\n"); ++ exit(112); ++ } ++ strncpy(hdr->name, dirname, sizeof(hdr->name)); + name_length += dir_length; + } diff --git a/app-arch/lha/files/lha-114i-lhext.diff b/app-arch/lha/files/lha-114i-lhext.diff deleted file mode 100644 index dca1f2a458be..000000000000 --- a/app-arch/lha/files/lha-114i-lhext.diff +++ /dev/null @@ -1,18 +0,0 @@ -diff -urN lha-114i/src/lhext.c lha-114i.lhext/src/lhext.c ---- lha-114i/src/lhext.c 2000-10-04 23:57:38.000000000 +0900 -+++ lha-114i.lhext/src/lhext.c 2004-05-20 01:06:41.000000000 +0900 -@@ -207,9 +207,11 @@ - } - - if (extract_directory) -- sprintf(name, "%s/%s", extract_directory, q); -- else -- strcpy(name, q); -+ snprintf(name, sizeof(name), "%s/%s", extract_directory, q); -+ else { -+ strncpy(name, q, sizeof(name)); -+ name[sizeof(name) - 1] = '\0'; -+ } - - - /* LZHDIRS_METHOD¤ò»ý¤Ä¥Ø¥Ã¥À¤ò¥Á¥§¥Ã¥¯¤¹¤ë */ diff --git a/app-arch/lha/files/lha-114i-malloc.patch b/app-arch/lha/files/lha-114i-malloc.patch index cc3b034dc5e3..9f4499aecaff 100644 --- a/app-arch/lha/files/lha-114i-malloc.patch +++ b/app-arch/lha/files/lha-114i-malloc.patch @@ -1,5 +1,5 @@ ---- lha-114i/src/lha.h.orig 2004-05-19 19:24:19.000000000 -0400 -+++ lha-114i/src/lha.h 2004-05-19 19:23:19.000000000 -0400 +--- lha-114i/src/lha.h ++++ lha-114i/src/lha.h @@ -16,6 +16,7 @@ #include #include diff --git a/app-arch/lha/files/lha-114i-sec.patch b/app-arch/lha/files/lha-114i-sec.patch new file mode 100644 index 000000000000..3f4dca7993d6 --- /dev/null +++ b/app-arch/lha/files/lha-114i-sec.patch @@ -0,0 +1,75 @@ +--- lha-114i/src/header.c ++++ lha-114i/src/header.c +@@ -538,6 +538,10 @@ + /* + * filename + */ ++ if (header_size >= 256) { ++ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n"); ++ exit(109); ++ } + for (i = 0; i < header_size - 3; i++) + hdr->name[i] = (char) get_byte(); + hdr->name[header_size - 3] = '\0'; +@@ -547,6 +551,10 @@ + /* + * directory + */ ++ if (header_size >= FILENAME_LENGTH) { ++ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n"); ++ exit(110); ++ } + for (i = 0; i < header_size - 3; i++) + dirname[i] = (char) get_byte(); + dirname[header_size - 3] = '\0'; +--- lha-114i/src/lhext.c ++++ lha-114i/src/lhext.c +@@ -190,8 +190,13 @@ + q = (char *) rindex(hdr->name, '/') + 1; + } + else { ++ if (is_directory_traversal(q)) { ++ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q); ++ exit(111); ++ } ++ + if (*q == '/') { +- q++; ++ while (*q == '/') { q++; } + /* + * if OSK then strip device name + */ +@@ -419,6 +424,33 @@ + return; + } + ++int ++is_directory_traversal(char *string) ++{ ++ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */ ++ char *temp; ++ ++ temp = string; ++ ++ while (*temp != 0) { ++ if (temp[0] == '/') { ++ if (type == 1) { return 1; } ++ type = 0; ++ temp++; ++ continue; ++ } ++ ++ if ((temp[0] == '.') && (type < 2)) ++ type = 1; ++ if (temp[0] != '.') ++ type = 2; ++ ++ temp++; ++ } /* while */ ++ ++ return (type == 1); ++} ++ + /* Local Variables: */ + /* mode:c */ + /* tab-width:4 */ diff --git a/app-arch/lha/files/lha-114i-sec2.patch b/app-arch/lha/files/lha-114i-sec2.patch new file mode 100644 index 000000000000..897389def8d2 --- /dev/null +++ b/app-arch/lha/files/lha-114i-sec2.patch @@ -0,0 +1,191 @@ +--- lha-114i/src/lha_macro.h ++++ lha-114i/src/lha_macro.h +@@ -53,7 +53,7 @@ + #define SEEK_SET 0 + #define SEEK_CUR 1 + #define SEEK_END 2 +-#endif /* SEEK_SET ++#endif /* SEEK_SET */ + + + /* non-integral functions */ +--- lha-114i/src/lharc.c ++++ lha-114i/src/lharc.c +@@ -830,9 +830,10 @@ find_files(name, v_filec, v_filev) + DIRENTRY *dp; + struct stat tmp_stbuf, arc_stbuf, fil_stbuf; + +- strcpy(newname, name); ++ strncpy(newname, name, sizeof(newname)); ++ newname[sizeof(newname)-1] = 0; + len = strlen(name); +- if (len > 0 && newname[len - 1] != '/') ++ if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1)) + newname[len++] = '/'; + + dirp = opendir(name); +@@ -846,6 +847,11 @@ find_files(name, v_filec, v_filev) + + for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) { + n = NAMLEN(dp); ++ if (len >= (sizeof(newname)-1) || ++ (len+n) >= (sizeof(newname)-1) || ++ n <= 0 || ++ (len+n) <= 0) ++ break; + strncpy(newname + len, dp->d_name, n); + newname[len + n] = '\0'; + if (GETSTAT(newname, &fil_stbuf) < 0) +@@ -903,7 +909,8 @@ build_temporary_name() + strcpy(temporary_name, TMP_FILENAME_TEMPLATE); + } + else { +- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory); ++ snprintf(temporary_name, sizeof(temporary_name), ++ "%s/lhXXXXXX", extract_directory); + } + #ifdef MKSTEMP + mkstemp(temporary_name); +@@ -913,10 +920,16 @@ build_temporary_name() + #else + char *p, *s; + +- strcpy(temporary_name, archive_name); ++ strncpy(temporary_name, archive_name, sizeof(temporary_name)); ++ temporary_name[sizeof(temporary_name)-1] = 0; + for (p = temporary_name, s = (char *) 0; *p; p++) + if (*p == '/') + s = p; ++ ++ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1 ++ <= strlen("lhXXXXXX")) ++ exit(-1); ++ + strcpy((s ? s + 1 : temporary_name), "lhXXXXXX"); + #ifdef MKSTEMP + mkstemp(temporary_name); +@@ -1052,7 +1065,8 @@ open_old_archive() + + if (open_old_archive_1(archive_name, &fp)) + return fp; +- sprintf(expanded_archive_name, "%s.lzh", archive_name); ++ snprintf(expanded_archive_name, sizeof(expanded_archive_name), ++ "%s.lzh", archive_name); + if (open_old_archive_1(expanded_archive_name, &fp)) { + archive_name = expanded_archive_name; + return fp; +@@ -1061,7 +1075,8 @@ open_old_archive() + * if ( (errno&0xffff)!=E_PNNF ) { archive_name = + * expanded_archive_name; return NULL; } + */ +- sprintf(expanded_archive_name, "%s.lzs", archive_name); ++ snprintf(expanded_archive_name, sizeof(expanded_archive_name), ++ "%s.lzs", archive_name); + if (open_old_archive_1(expanded_archive_name, &fp)) { + archive_name = expanded_archive_name; + return fp; +--- lha-114i/src/lhext.c ++++ lha-114i/src/lhext.c +@@ -82,7 +82,8 @@ make_parent_path(name) + register char *p; + + /* make parent directory name into PATH for recursive call */ +- strcpy(path, name); ++ memset(path, 0, sizeof(path)); ++ strncpy(path, name, sizeof(path)-1); + for (p = path + strlen(path); p > path; p--) + if (p[-1] == '/') { + *--p = '\0'; +@@ -212,9 +213,11 @@ extract_one(afp, hdr) + } + + if (extract_directory) +- sprintf(name, "%s/%s", extract_directory, q); +- else +- strcpy(name, q); ++ snprintf(name, sizeof(name), "%s/%s", extract_directory, q); ++ else { ++ strncpy(name, q, sizeof(name)); ++ name[sizeof(name) - 1] = '\0'; ++ } + + + /* LZHDIRS_METHOD�����ĥإå��������å����� */ +@@ -335,7 +338,8 @@ extract_one(afp, hdr) + if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_SYMLINK) { + char buf[256], *bb1, *bb2; + int l_code; +- strcpy(buf, name); ++ strncpy(buf, name, sizeof(buf)); ++ buf[sizeof(buf)-1] = 0; + bb1 = strtok(buf, "|"); + bb2 = strtok(NULL, "|"); + +@@ -365,9 +369,10 @@ extract_one(afp, hdr) + if (quiet != TRUE) { + printf("Symbolic Link %s -> %s\n", bb1, bb2); + } +- strcpy(name, bb1); /* Symbolic's name set */ ++ strncpy(name, bb1, 255); /* Symbolic's name set */ ++ name[255] = 0; + #else +- sprintf(buf, "%s -> %s", bb1, bb2); ++ sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2); + warning("Can't make Symbolic Link", buf); + return; + #endif +--- lha-114i/src/lhlist.c ++++ lha-114i/src/lhlist.c +@@ -250,7 +250,8 @@ list_one(hdr) + printf(" %s", hdr->name); + else { + char buf[256], *b1, *b2; +- strcpy(buf, hdr->name); ++ strncpy(buf, hdr->name, sizeof(buf)); ++ buf[sizeof(buf)-1] = 0; + b1 = strtok(buf, "|"); + b2 = strtok(NULL, "|"); + printf(" %s -> %s", b1, b2); +--- lha-114i/src/util.c ++++ lha-114i/src/util.c +@@ -276,21 +276,27 @@ rmdir(path) + char *path; + { + int stat, rtn = 0; +- char *cmdname; +- if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1)) +- == 0) ++ pid_t child; ++ ++ ++ /* XXX thomas: shell meta chars in path could exec commands */ ++ /* therefore we should avoid using system() */ ++ if ((child = fork()) < 0) ++ return (-1); /* fork error */ ++ else if (child) { /* parent process */ ++ while (child != wait(&stat)) /* ignore signals */ ++ continue; ++ } ++ else { /* child process */ ++ execl(RMDIRPATH, "rmdir", path, (char *) 0); ++ /* never come here except execl is error */ + return (-1); +- strcpy(cmdname, RMDIRPATH); +- *(cmdname + strlen(RMDIRPATH)) = ' '; +- strcpy(cmdname + strlen(RMDIRPATH) + 1, path); +- if ((stat = system(cmdname)) < 0) +- rtn = -1; /* fork or exec error */ +- else if (stat) { /* RMDIR command error */ +- errno = EIO; +- rtn = -1; + } +- free(cmdname); +- return (rtn); ++ if (stat != 0) { ++ errno = EIO; /* cannot get error num. */ ++ return (-1); ++ } ++ return (0); + } + + /* ------------------------------------------------------------------------ */ diff --git a/app-arch/lha/files/lha-114i-symlink.patch b/app-arch/lha/files/lha-114i-symlink.patch index 1189eef82e16..a872fa5548f9 100644 --- a/app-arch/lha/files/lha-114i-symlink.patch +++ b/app-arch/lha/files/lha-114i-symlink.patch @@ -1,5 +1,5 @@ ---- lha-114i/src/lhext.c.symlink 2000-10-04 10:57:38.000000000 -0400 -+++ lha-114i/src/lhext.c 2003-05-19 22:55:57.000000000 -0400 +--- lha-114i/src/lhext.c ++++ lha-114i/src/lhext.c @@ -351,6 +351,7 @@ extract_one(afp, hdr) } diff --git a/app-arch/lha/files/lha-114i.diff b/app-arch/lha/files/lha-114i.diff deleted file mode 100644 index d723d668a94c..000000000000 --- a/app-arch/lha/files/lha-114i.diff +++ /dev/null @@ -1,75 +0,0 @@ ---- header.c.old 2000-10-05 19:36:03.000000000 +0200 -+++ header.c 2004-04-17 23:55:54.000000000 +0200 -@@ -538,6 +538,10 @@ - /* - * filename - */ -+ if (header_size >= 256) { -+ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n"); -+ exit(109); -+ } - for (i = 0; i < header_size - 3; i++) - hdr->name[i] = (char) get_byte(); - hdr->name[header_size - 3] = '\0'; -@@ -547,6 +551,10 @@ - /* - * directory - */ -+ if (header_size >= FILENAME_LENGTH) { -+ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n"); -+ exit(110); -+ } - for (i = 0; i < header_size - 3; i++) - dirname[i] = (char) get_byte(); - dirname[header_size - 3] = '\0'; ---- lhext.c.old 2000-10-04 16:57:38.000000000 +0200 -+++ lhext.c 2004-04-18 01:27:44.000000000 +0200 -@@ -190,8 +190,13 @@ - q = (char *) rindex(hdr->name, '/') + 1; - } - else { -+ if (is_directory_traversal(q)) { -+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q); -+ exit(111); -+ } -+ - if (*q == '/') { -- q++; -+ while (*q == '/') { q++; } - /* - * if OSK then strip device name - */ -@@ -419,6 +424,33 @@ - return; - } - -+int -+is_directory_traversal(char *string) -+{ -+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */ -+ char *temp; -+ -+ temp = string; -+ -+ while (*temp != 0) { -+ if (temp[0] == '/') { -+ if (type == 1) { return 1; } -+ type = 0; -+ temp++; -+ continue; -+ } -+ -+ if ((temp[0] == '.') && (type < 2)) -+ type = 1; -+ if (temp[0] != '.') -+ type = 2; -+ -+ temp++; -+ } /* while */ -+ -+ return (type == 1); -+} -+ - /* Local Variables: */ - /* mode:c */ - /* tab-width:4 */ diff --git a/app-arch/lha/files/lha-command_buffer.patch b/app-arch/lha/files/lha-command_buffer.patch deleted file mode 100644 index e2a477784470..000000000000 --- a/app-arch/lha/files/lha-command_buffer.patch +++ /dev/null @@ -1,196 +0,0 @@ -diff -urNp lha-114i.orig/src/lha_macro.h lha-114i/src/lha_macro.h ---- lha-114i.orig/src/lha_macro.h 2004-08-03 15:53:56.000000000 -0500 -+++ lha-114i/src/lha_macro.h 2004-08-03 15:54:05.000000000 -0500 -@@ -53,7 +53,7 @@ - #define SEEK_SET 0 - #define SEEK_CUR 1 - #define SEEK_END 2 --#endif /* SEEK_SET -+#endif /* SEEK_SET */ - - - /* non-integral functions */ -diff -urNp lha-114i.orig/src/lharc.c lha-114i/src/lharc.c ---- lha-114i.orig/src/lharc.c 2004-08-03 15:53:56.000000000 -0500 -+++ lha-114i/src/lharc.c 2004-08-03 15:54:05.000000000 -0500 -@@ -830,9 +830,10 @@ find_files(name, v_filec, v_filev) - DIRENTRY *dp; - struct stat tmp_stbuf, arc_stbuf, fil_stbuf; - -- strcpy(newname, name); -+ strncpy(newname, name, sizeof(newname)); -+ newname[sizeof(newname)-1] = 0; - len = strlen(name); -- if (len > 0 && newname[len - 1] != '/') -+ if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1)) - newname[len++] = '/'; - - dirp = opendir(name); -@@ -846,6 +847,11 @@ find_files(name, v_filec, v_filev) - - for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) { - n = NAMLEN(dp); -+ if (len >= (sizeof(newname)-1) || -+ (len+n) >= (sizeof(newname)-1) || -+ n <= 0 || -+ (len+n) <= 0) -+ break; - strncpy(newname + len, dp->d_name, n); - newname[len + n] = '\0'; - if (GETSTAT(newname, &fil_stbuf) < 0) -@@ -903,7 +909,8 @@ build_temporary_name() - strcpy(temporary_name, TMP_FILENAME_TEMPLATE); - } - else { -- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory); -+ snprintf(temporary_name, sizeof(temporary_name), -+ "%s/lhXXXXXX", extract_directory); - } - #ifdef MKSTEMP - mkstemp(temporary_name); -@@ -913,10 +920,16 @@ build_temporary_name() - #else - char *p, *s; - -- strcpy(temporary_name, archive_name); -+ strncpy(temporary_name, archive_name, sizeof(temporary_name)); -+ temporary_name[sizeof(temporary_name)-1] = 0; - for (p = temporary_name, s = (char *) 0; *p; p++) - if (*p == '/') - s = p; -+ -+ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1 -+ <= strlen("lhXXXXXX")) -+ exit(-1); -+ - strcpy((s ? s + 1 : temporary_name), "lhXXXXXX"); - #ifdef MKSTEMP - mkstemp(temporary_name); -@@ -1052,7 +1065,8 @@ open_old_archive() - - if (open_old_archive_1(archive_name, &fp)) - return fp; -- sprintf(expanded_archive_name, "%s.lzh", archive_name); -+ snprintf(expanded_archive_name, sizeof(expanded_archive_name), -+ "%s.lzh", archive_name); - if (open_old_archive_1(expanded_archive_name, &fp)) { - archive_name = expanded_archive_name; - return fp; -@@ -1061,7 +1075,8 @@ open_old_archive() - * if ( (errno&0xffff)!=E_PNNF ) { archive_name = - * expanded_archive_name; return NULL; } - */ -- sprintf(expanded_archive_name, "%s.lzs", archive_name); -+ snprintf(expanded_archive_name, sizeof(expanded_archive_name), -+ "%s.lzs", archive_name); - if (open_old_archive_1(expanded_archive_name, &fp)) { - archive_name = expanded_archive_name; - return fp; -diff -urNp lha-114i.orig/src/lhext.c lha-114i/src/lhext.c ---- lha-114i.orig/src/lhext.c 2004-08-03 15:53:56.000000000 -0500 -+++ lha-114i/src/lhext.c 2004-08-03 15:55:40.000000000 -0500 -@@ -82,7 +82,8 @@ make_parent_path(name) - register char *p; - - /* make parent directory name into PATH for recursive call */ -- strcpy(path, name); -+ memset(path, 0, sizeof(path)); -+ strncpy(path, name, sizeof(path)-1); - for (p = path + strlen(path); p > path; p--) - if (p[-1] == '/') { - *--p = '\0'; -@@ -212,9 +213,11 @@ extract_one(afp, hdr) - } - - if (extract_directory) -- sprintf(name, "%s/%s", extract_directory, q); -- else -- strcpy(name, q); -+ snprintf(name, sizeof(name), "%s/%s", extract_directory, q); -+ else { -+ strncpy(name, q, sizeof(name)); -+ name[sizeof(name) - 1] = '\0'; -+ } - - - /* LZHDIRS_METHOD�����ĥإå��������å����� */ -@@ -335,7 +338,8 @@ extract_one(afp, hdr) - if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_SYMLINK) { - char buf[256], *bb1, *bb2; - int l_code; -- strcpy(buf, name); -+ strncpy(buf, name, sizeof(buf)); -+ buf[sizeof(buf)-1] = 0; - bb1 = strtok(buf, "|"); - bb2 = strtok(NULL, "|"); - -@@ -365,9 +369,10 @@ extract_one(afp, hdr) - if (quiet != TRUE) { - printf("Symbolic Link %s -> %s\n", bb1, bb2); - } -- strcpy(name, bb1); /* Symbolic's name set */ -+ strncpy(name, bb1, 255); /* Symbolic's name set */ -+ name[255] = 0; - #else -- sprintf(buf, "%s -> %s", bb1, bb2); -+ sprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2); - warning("Can't make Symbolic Link", buf); - return; - #endif -diff -urNp lha-114i.orig/src/lhlist.c lha-114i/src/lhlist.c ---- lha-114i.orig/src/lhlist.c 2004-08-03 15:53:56.000000000 -0500 -+++ lha-114i/src/lhlist.c 2004-08-03 15:54:05.000000000 -0500 -@@ -250,7 +250,8 @@ list_one(hdr) - printf(" %s", hdr->name); - else { - char buf[256], *b1, *b2; -- strcpy(buf, hdr->name); -+ strncpy(buf, hdr->name, sizeof(buf)); -+ buf[sizeof(buf)-1] = 0; - b1 = strtok(buf, "|"); - b2 = strtok(NULL, "|"); - printf(" %s -> %s", b1, b2); -diff -urNp lha-114i.orig/src/util.c lha-114i/src/util.c ---- lha-114i.orig/src/util.c 2004-08-03 15:53:56.000000000 -0500 -+++ lha-114i/src/util.c 2004-08-03 15:54:05.000000000 -0500 -@@ -276,21 +276,27 @@ rmdir(path) - char *path; - { - int stat, rtn = 0; -- char *cmdname; -- if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1)) -- == 0) -+ pid_t child; -+ -+ -+ /* XXX thomas: shell meta chars in path could exec commands */ -+ /* therefore we should avoid using system() */ -+ if ((child = fork()) < 0) -+ return (-1); /* fork error */ -+ else if (child) { /* parent process */ -+ while (child != wait(&stat)) /* ignore signals */ -+ continue; -+ } -+ else { /* child process */ -+ execl(RMDIRPATH, "rmdir", path, (char *) 0); -+ /* never come here except execl is error */ - return (-1); -- strcpy(cmdname, RMDIRPATH); -- *(cmdname + strlen(RMDIRPATH)) = ' '; -- strcpy(cmdname + strlen(RMDIRPATH) + 1, path); -- if ((stat = system(cmdname)) < 0) -- rtn = -1; /* fork or exec error */ -- else if (stat) { /* RMDIR command error */ -- errno = EIO; -- rtn = -1; - } -- free(cmdname); -- return (rtn); -+ if (stat != 0) { -+ errno = EIO; /* cannot get error num. */ -+ return (-1); -+ } -+ return (0); - } - - /* ------------------------------------------------------------------------ */ diff --git a/app-arch/lha/files/lha-dir_length_bounds_check.patch b/app-arch/lha/files/lha-dir_length_bounds_check.patch deleted file mode 100644 index 7a0ae1e086e2..000000000000 --- a/app-arch/lha/files/lha-dir_length_bounds_check.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- src/header.c 2002-07-19 17:23:58.000000000 +0900 -+++ src/header.c 2004-06-16 09:49:23.000000000 +0900 -@@ -648,8 +648,17 @@ - } - - if (dir_length) { -+ if ((dir_length + name_length) > sizeof(dirname)) { -+ fprintf(stderr, "Insufficient buffer size\n"); -+ exit(112); -+ } - strcat(dirname, hdr->name); -- strcpy(hdr->name, dirname); -+ -+ if ((dir_length + name_length) > sizeof(hdr->name)) { -+ fprintf(stderr, "Insufficient buffer size\n"); -+ exit(112); -+ } -+ strncpy(hdr->name, dirname, sizeof(hdr->name)); - name_length += dir_length; - } -- cgit v1.2.3-65-gdbad