cpio: fix use after free and return appropriate errors
This commit is contained in:
Roberto Sassu
parent
a0059638dd
commit
4b48c4e23f
61
Fix-use-after-free-and-return-appropriate-error.patch
Normal file
61
Fix-use-after-free-and-return-appropriate-error.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 356ad51812edb47fd76aa59b8c935d55b879541a Mon Sep 17 00:00:00 2001
|
||||
From: Roberto Sassu <roberto.sassu@huawei.com>
|
||||
Date: Thu, 2 Jul 2020 10:23:44 +0200
|
||||
Subject: [PATCH] cpio: fix use after free and return appropriate errors
|
||||
|
||||
---
|
||||
src/copyout.c | 23 +++++++++++++++--------
|
||||
1 file changed, 15 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/copyout.c b/src/copyout.c
|
||||
index 29d2198..7feed00 100644
|
||||
--- a/src/copyout.c
|
||||
+++ b/src/copyout.c
|
||||
@@ -600,15 +600,19 @@ write_xattrs (int metadata_fd, char *path)
|
||||
list_ptr = xattr_list = malloc(list_len);
|
||||
if (!list_ptr) {
|
||||
error (0, 0, _("out of memory"));
|
||||
- return ret;
|
||||
+ return -ENOMEM;
|
||||
}
|
||||
|
||||
len = llistxattr(path, xattr_list, list_len);
|
||||
- if (len != list_len)
|
||||
+ if (len != list_len) {
|
||||
+ ret = -EIO;
|
||||
goto out;
|
||||
+ }
|
||||
|
||||
- if (ftruncate(metadata_fd, 0))
|
||||
+ if (ftruncate(metadata_fd, 0)) {
|
||||
+ ret = -EIO;
|
||||
goto out;
|
||||
+ }
|
||||
|
||||
lseek(metadata_fd, 0, SEEK_SET);
|
||||
|
||||
@@ -658,13 +662,16 @@ write_xattrs (int metadata_fd, char *path)
|
||||
}
|
||||
|
||||
free(xattr_value);
|
||||
-out:
|
||||
- free(xattr_list);
|
||||
|
||||
- if (list_ptr != xattr_list + list_len)
|
||||
- return ret;
|
||||
+ if (list_ptr != xattr_list + list_len) {
|
||||
+ ret = -EINVAL;
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
- return 0;
|
||||
+ ret = 0;
|
||||
+out:
|
||||
+ free(xattr_list);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
/* Read a list of file names from the standard input
|
||||
--
|
||||
2.27.GIT
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: cpio
|
||||
Version: 2.12
|
||||
Release: 15
|
||||
Release: 16
|
||||
Summary: A GNU archiving program
|
||||
|
||||
License: GPLv3+
|
||||
@ -18,6 +18,7 @@ Patch6000: Fix-out-of-bounds-read.patch
|
||||
Patch6001: Fix-signed-integer-overflow-big-block-sizes.patch
|
||||
Patch6002: Fix-CVE-2019-14866.patch
|
||||
Patch6003: add-option-to-add-metadata-in-copy-out-mode.patch
|
||||
Patch6004: Fix-use-after-free-and-return-appropriate-error.patch
|
||||
|
||||
Provides: bundled(gnulib)
|
||||
Provides: /bin/cpio
|
||||
@ -60,6 +61,12 @@ make check
|
||||
%{_datadir}/man/man1/%{name}.1.gz
|
||||
|
||||
%changelog
|
||||
* Thu Jul 2 2020 Roberto Sassu<roberto.sassu@huawei.com> - 2.12-16
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:fix use after free and return appropriate errors
|
||||
|
||||
* Thu Jul 2 2020 Anakin Zhang<benjamin93@163.com> - 2.12-15
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user