packages/cpio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!4 Fix use after free v2

Browse Source 
Merge pull request !4 from roberto.sassu/fix-use-after-free-v2
This commit is contained in:
openeuler-ci-bot 2020-07-02 18:47:41 +08:00 committed by Gitee
commit 3843264859
2 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
Fix-use-after-free-and-return-appropriate-error.patch Normal file
View File

@ -0,0 +1,61 @@
From 356ad51812edb47fd76aa59b8c935d55b879541a Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Thu, 2 Jul 2020 10:23:44 +0200
Subject: [PATCH] cpio: fix use after free and return appropriate errors
---
src/copyout.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/src/copyout.c b/src/copyout.c
index 29d2198..7feed00 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -600,15 +600,19 @@ write_xattrs (int metadata_fd, char *path)
list_ptr = xattr_list = malloc(list_len);
if (!list_ptr) {
error (0, 0, _("out of memory"));
- return ret;
+ return -ENOMEM;
}
len = llistxattr(path, xattr_list, list_len);
- if (len != list_len)
+ if (len != list_len) {
+ ret = -EIO;
goto out;
+ }
- if (ftruncate(metadata_fd, 0))
+ if (ftruncate(metadata_fd, 0)) {
+ ret = -EIO;
goto out;
+ }
lseek(metadata_fd, 0, SEEK_SET);
@@ -658,13 +662,16 @@ write_xattrs (int metadata_fd, char *path)
}
free(xattr_value);
-out:
- free(xattr_list);
- if (list_ptr != xattr_list + list_len)
- return ret;
+ if (list_ptr != xattr_list + list_len) {
+ ret = -EINVAL;
+ goto out;
+ }
- return 0;
+ ret = 0;
+out:
+ free(xattr_list);
+ return ret;
}
/* Read a list of file names from the standard input
--
2.27.GIT

9
cpio.spec
View File

@ -1,6 +1,6 @@
Name: cpio Name: cpio
Version: 2.12 Version: 2.12
Release: 15 Release: 16
Summary: A GNU archiving program Summary: A GNU archiving program
License: GPLv3+ License: GPLv3+
@ -18,6 +18,7 @@ Patch6000: Fix-out-of-bounds-read.patch
Patch6001: Fix-signed-integer-overflow-big-block-sizes.patch Patch6001: Fix-signed-integer-overflow-big-block-sizes.patch
Patch6002: Fix-CVE-2019-14866.patch Patch6002: Fix-CVE-2019-14866.patch
Patch6003: add-option-to-add-metadata-in-copy-out-mode.patch Patch6003: add-option-to-add-metadata-in-copy-out-mode.patch
Patch6004: Fix-use-after-free-and-return-appropriate-error.patch
Provides: bundled(gnulib) Provides: bundled(gnulib)
Provides: /bin/cpio Provides: /bin/cpio
@ -60,6 +61,12 @@ make check
%{_datadir}/man/man1/%{name}.1.gz %{_datadir}/man/man1/%{name}.1.gz
%changelog %changelog
* Thu Jul 2 2020 Roberto Sassu<roberto.sassu@huawei.com> - 2.12-16
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix use after free and return appropriate errors
* Thu Jul 2 2020 Anakin Zhang<benjamin93@163.com> - 2.12-15 * Thu Jul 2 2020 Anakin Zhang<benjamin93@163.com> - 2.12-15
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA