diff options
| author | taca <taca> | 2004-05-13 11:42:43 +0000 |
|---|---|---|
| committer | taca <taca> | 2004-05-13 11:42:43 +0000 |
| commit | 97d773ab7c25eabbaecf1c3d0479acb0cee5c350 (patch) | |
| tree | 78781cb6a92705712dfd5d5e628ba53bafcc5a17 /archivers/lha/patches | |
| parent | 5247cb7c39d5e2d6bbd875f0464ac9b915faa604 (diff) | |
| download | pkgsrc-97d773ab7c25eabbaecf1c3d0479acb0cee5c350.tar.gz | |
Fix security problem of lha package applying patches by David Ahmad
< da at securityfocus dot com > on bugtraq mailing list.
Bump pacakge revision to nb2.
Diffstat (limited to 'archivers/lha/patches')
| -rw-r--r-- | archivers/lha/patches/patch-ad | 53 | ||||
| -rw-r--r-- | archivers/lha/patches/patch-ak | 26 |
2 files changed, 79 insertions, 0 deletions
diff --git a/archivers/lha/patches/patch-ad b/archivers/lha/patches/patch-ad new file mode 100644 index 00000000000..5939e831736 --- /dev/null +++ b/archivers/lha/patches/patch-ad @@ -0,0 +1,53 @@ +$NetBSD: patch-ad,v 1.3 2004/05/13 11:42:43 taca Exp $ + +--- src/lhext.c.orig 2000-10-04 23:57:38.000000000 +0900 ++++ src/lhext.c +@@ -190,8 +190,13 @@ extract_one(afp, hdr) + q = (char *) rindex(hdr->name, '/') + 1; + } + else { ++ if (is_directory_traversal(q)) { ++ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q); ++ exit(111); ++ } ++ + if (*q == '/') { +- q++; ++ while (*q == '/') { q++; } + /* + * if OSK then strip device name + */ +@@ -419,6 +424,33 @@ cmd_extract() + return; + } + ++int ++is_directory_traversal(char *string) ++{ ++ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */ ++ char *temp; ++ ++ temp = string; ++ ++ while (*temp != 0) { ++ if (temp[0] == '/') { ++ if (type == 1) { return 1; } ++ type = 0; ++ temp++; ++ continue; ++ } ++ ++ if ((temp[0] == '.') && (type < 2)) ++ type = 1; ++ if (temp[0] != '.') ++ type = 2; ++ ++ temp++; ++ } /* while */ ++ ++ return (type == 1); ++} ++ + /* Local Variables: */ + /* mode:c */ + /* tab-width:4 */ diff --git a/archivers/lha/patches/patch-ak b/archivers/lha/patches/patch-ak new file mode 100644 index 00000000000..bd3f7427577 --- /dev/null +++ b/archivers/lha/patches/patch-ak @@ -0,0 +1,26 @@ +$NetBSD: patch-ak,v 1.1 2004/05/13 11:42:43 taca Exp $ + +--- src/header.c.orig 2000-10-06 02:36:03.000000000 +0900 ++++ src/header.c +@@ -538,6 +538,10 @@ get_header(fp, hdr) + /* + * filename + */ ++ if (header_size >= 256) { ++ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n"); ++ exit(109); ++ } + for (i = 0; i < header_size - 3; i++) + hdr->name[i] = (char) get_byte(); + hdr->name[header_size - 3] = '\0'; +@@ -547,6 +551,10 @@ get_header(fp, hdr) + /* + * directory + */ ++ if (header_size >= FILENAME_LENGTH) { ++ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n"); ++ exit(110); ++ } + for (i = 0; i < header_size - 3; i++) + dirname[i] = (char) get_byte(); + dirname[header_size - 3] = '\0'; |