From 976e5561c5ae3bbd192545830e26880872d3b3b2 Mon Sep 17 00:00:00 2001 From: wiz Date: Tue, 1 Mar 2005 14:53:41 +0000 Subject: Apply fix for CAN-2005-0160 and CAN-2005-0161. Bump PKGREVISION. --- archivers/unace/Makefile | 3 +- archivers/unace/distinfo | 6 ++- archivers/unace/patches/patch-ad | 69 +++++++++++++++++++++++++--- archivers/unace/patches/patch-ae | 97 ++++++++++++++++++++++++++++++++++++++++ archivers/unace/patches/patch-af | 13 ++++++ 5 files changed, 180 insertions(+), 8 deletions(-) create mode 100644 archivers/unace/patches/patch-ae create mode 100644 archivers/unace/patches/patch-af (limited to 'archivers') diff --git a/archivers/unace/Makefile b/archivers/unace/Makefile index e22b9f98e8c..2126f3e0733 100644 --- a/archivers/unace/Makefile +++ b/archivers/unace/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.13 2004/12/03 15:14:51 wiz Exp $ +# $NetBSD: Makefile,v 1.14 2005/03/01 14:53:41 wiz Exp $ # DISTNAME= unace-1.2b PKGNAME= unace-1.2.2 +PKGREVISION= 1 CATEGORIES= archivers MASTER_SITES= ${MASTER_SITE_SUNSITE:=utils/compress/} diff --git a/archivers/unace/distinfo b/archivers/unace/distinfo index 574fdad7ec2..fa2a02dc902 100644 --- a/archivers/unace/distinfo +++ b/archivers/unace/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2005/02/23 14:45:26 agc Exp $ +$NetBSD: distinfo,v 1.6 2005/03/01 14:53:41 wiz Exp $ SHA1 (unace-1.2b.tar.gz) = 7a0cc01105551a84f15897b75749dd9bb2a26184 RMD160 (unace-1.2b.tar.gz) = 32d8b4fd9a028b333b51436dd378ff26199ee4bf @@ -6,4 +6,6 @@ Size (unace-1.2b.tar.gz) = 43423 bytes SHA1 (patch-aa) = bba4226db32be4f0e2217aad6ae38dabf9038ed1 SHA1 (patch-ab) = f450aa34f650525ae36d90609393990ed650766a SHA1 (patch-ac) = bdf7ef7e3cd0e531ca88f465b2c3fc5b55dbfb03 -SHA1 (patch-ad) = 4e9b0a0bbcf6c673f7847048b015e0c488c52b0f +SHA1 (patch-ad) = 5184341ef9a79564232ae3014e54d200b1e6d72d +SHA1 (patch-ae) = 4cdce637e1df11d3909f3e7ed18d7846c074d1be +SHA1 (patch-af) = 6f229e92b2f42b269115166cc5d9b898deaeca88 diff --git a/archivers/unace/patches/patch-ad b/archivers/unace/patches/patch-ad index 71eeefd9bf2..79b528bb87a 100644 --- a/archivers/unace/patches/patch-ad +++ b/archivers/unace/patches/patch-ad @@ -1,8 +1,57 @@ -$NetBSD: patch-ad,v 1.1 2001/10/31 14:44:43 tv Exp $ +$NetBSD: patch-ad,v 1.2 2005/03/01 14:53:41 wiz Exp $ ---- unace.c.orig Mon Oct 8 10:49:26 2001 -+++ unace.c Mon Oct 8 10:50:15 2001 -@@ -512,7 +512,7 @@ +--- unace.c.orig 1998-07-01 10:29:00.000000000 +0200 ++++ unace.c +@@ -240,6 +240,7 @@ INT read_arc_head(void) // searc + INT open_archive(INT print_err) // opens archive (or volume) + { + CHAR av_str[80]; ++ unsigned int copylen; + + archan = open(aname, O_RDONLY | O_BINARY); // open file + +@@ -263,8 +264,11 @@ INT open_archive(INT print_err) + sprintf(av_str, "\ncreated on %d.%d.%d by ", + ts_day(adat.time_cr), ts_month(adat.time_cr), ts_year(adat.time_cr)); + printf(av_str); +- strncpy(av_str, mhead.AV, mhead.AV_SIZE); +- av_str[mhead.AV_SIZE] = 0; ++ copylen = mhead.AV_SIZE; ++ if (copylen > 79) ++ copylen = 79; ++ strncpy(av_str, mhead.AV, copylen); ++ av_str[copylen] = 0; + printf("%s\n\n", av_str); + } + comment_out("Main comment:"); // print main comment +@@ -300,7 +304,7 @@ void get_next_volname(void) + INT proc_vol(void) // opens volume + { + INT i; +- CHAR s[80]; ++ CHAR s[PATH_MAX + 80]; + + // if f_allvol_pr is 2 we have -y and should never ask + if ((!fileexists_insense(aname) && f_allvol_pr != 2) || !f_allvol_pr) +@@ -428,7 +432,7 @@ void extract_files(int nopath, int test) + if (head.HEAD_TYPE == FILE_BLK) + { + comment_out("File comment:"); // show file comment +- ace_fname(file, &head, nopath); // get file name ++ ace_fname(file, &head, nopath, sizeof(file)); // get file name + printf("\n%s", file); + flush; + dcpr_init_file(); // initialize decompression of file +@@ -496,7 +500,7 @@ void list_files(int verbose) + if (head.HEAD_TYPE == FILE_BLK) + { + ULONG ti=fhead.FTIME; +- ace_fname(file, &head, verbose ? 0 : 1); // get file name ++ ace_fname(file, &head, verbose ? 0 : 1, sizeof(file)); // get file name + + size += fhead.SIZE; + psize += +@@ -512,7 +516,7 @@ void list_files(int verbose) tpsize+= fhead.PSIZE; } if (!f_err) @@ -11,7 +60,7 @@ $NetBSD: patch-ad,v 1.1 2001/10/31 14:44:43 tv Exp $ ts_day (ti), ts_month(ti), ts_year(ti)%100, ts_hour(ti), ts_min (ti), fhead.HEAD_FLAGS & ACE_SP_BEF ? '<' : ' ', -@@ -525,7 +525,7 @@ +@@ -525,7 +529,7 @@ void list_files(int verbose) } if (!f_err) { @@ -20,3 +69,13 @@ $NetBSD: patch-ad,v 1.1 2001/10/31 14:44:43 tv Exp $ psize, size, percentage(psize, size), +@@ -588,7 +592,8 @@ int main(INT argc, CHAR * argv[]) + + init_unace(); // initialize unace + +- strcpy(aname, argv[arg_cnt]); // get archive name ++ strncpy(aname, argv[arg_cnt], sizeof(aname) - 4); // get archive name ++ aname[sizeof(aname) - 5] = '\0'; + if (!(s = (CHAR *) strrchr(aname, DIRSEP))) + s = aname; + if (!strrchr(s, '.')) diff --git a/archivers/unace/patches/patch-ae b/archivers/unace/patches/patch-ae new file mode 100644 index 00000000000..46757179e94 --- /dev/null +++ b/archivers/unace/patches/patch-ae @@ -0,0 +1,97 @@ +$NetBSD: patch-ae,v 1.1 2005/03/01 14:53:41 wiz Exp $ + +--- uac_crt.c.orig 1998-07-01 10:29:00.000000000 +0200 ++++ uac_crt.c +@@ -33,12 +33,15 @@ + + /* gets file name from header + */ +-CHAR *ace_fname(CHAR * s, thead * head, INT nopath) ++CHAR *ace_fname(CHAR * s, thead * head, INT nopath, unsigned int size) + { +- INT i; ++ unsigned int i; + char *cp; + +- strncpy(s, (*(tfhead *) head).FNAME, i = (*(tfhead *) head).FNAME_SIZE); ++ i = (*(tfhead *) head).FNAME_SIZE; ++ if (i > (size - 1)) ++ i = size - 1; ++ strncpy(s, (*(tfhead *) head).FNAME, i); + s[i] = 0; + + if (nopath) +@@ -56,22 +59,72 @@ CHAR *ace_fname(CHAR * s, thead * head, + } + #endif + ++ cp = s; ++ while (*cp == '/') cp++; ++ if (cp != s) ++ memmove(s, cp, strlen(cp) + 1); ++ + return s; + } + ++int is_directory_traversal(char *str) ++{ ++ unsigned int mode, countdots; ++ /* mode 0 = fresh, 1 = just dots, 2 = not just dots */ ++ char ch; ++ ++ mode = countdots = 0; ++ ++ while (ch = *str++) ++ { ++ if ((ch == '/') && (mode == 1) && (countdots > 1)) ++ return 1; ++ ++ if (ch == '/') ++ { ++ mode = countdots = 0; ++ continue; ++ } ++ ++ if (ch == '.') ++ { ++ if (mode == 0) ++ mode = 1; ++ ++ countdots++; ++ } ++ else ++ mode = 2; ++ } ++ ++ if ((mode == 1) && (countdots > 1)) ++ return 1; ++ ++ return 0; ++} ++ + void check_ext_dir(CHAR * f) // checks/creates path of file + { + CHAR *cp, + d[PATH_MAX]; +- INT i; ++ unsigned int i; + + d[0] = 0; + ++ if (is_directory_traversal(f)) ++ { ++ f_err = ERR_WRITE; ++ printf("\n Directory traversal attempt: %s\n", f); ++ return; ++ } ++ + for (;;) + { + if ((cp = (CHAR *) strchr(&f[strlen(d) + 1], DIRSEP))!=NULL) + { + i = cp - f; ++ if (i > (PATH_MAX - 1)) ++ i = PATH_MAX - 1; + strncpy(d, f, i); + d[i] = 0; + } diff --git a/archivers/unace/patches/patch-af b/archivers/unace/patches/patch-af new file mode 100644 index 00000000000..fe7eef3f561 --- /dev/null +++ b/archivers/unace/patches/patch-af @@ -0,0 +1,13 @@ +$NetBSD: patch-af,v 1.1 2005/03/01 14:53:41 wiz Exp $ + +--- uac_crt.h.orig 1998-07-01 10:29:00.000000000 +0200 ++++ uac_crt.h +@@ -4,7 +4,7 @@ + + #include "acestruc.h" + +-CHAR *ace_fname(CHAR * s, thead * head, INT nopath); ++CHAR *ace_fname(CHAR * s, thead * head, INT nopath, unsigned int size); + INT create_dest_file(CHAR * file, INT a); + + #ifdef UNIX -- cgit v1.2.3