diff options
author | Sergey Poznyakoff <gray@gnu.org> | 2019-11-06 09:56:30 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2019-11-06 09:56:30 +0200 |
commit | cd892d109a583e3a29e1da66b8374c29605bfdc8 (patch) | |
tree | bf867edb591ad90b33136e4baa9f059cc6a6e5a5 | |
parent | b7b5a9c456fdcd767c0f041d67af240de5b58fce (diff) | |
download | cpio-cd892d109a583e3a29e1da66b8374c29605bfdc8.tar.gz cpio-cd892d109a583e3a29e1da66b8374c29605bfdc8.tar.bz2 |
Version 2.13release_2_13
* NEWS: Describe new version.
* configure.ac: version 2.13
* src/copyin.c: Fix strict aliasing violation.
* tests/CVE-2019-14866.at: New file.
* tests/Makefile.am: Add new test.
* tests/testsuite.at: Add new test,
-rw-r--r-- | NEWS | 8 | ||||
-rw-r--r-- | configure.ac | 5 | ||||
-rw-r--r-- | src/copyin.c | 22 | ||||
-rw-r--r-- | tests/CVE-2019-14866.at | 35 | ||||
-rw-r--r-- | tests/Makefile.am | 6 | ||||
-rw-r--r-- | tests/testsuite.at | 1 |
6 files changed, 61 insertions, 16 deletions
@@ -1,10 +1,16 @@ | |||
1 | GNU cpio NEWS -- history of user-visible changes. 2015-09-12 | 1 | GNU cpio NEWS -- history of user-visible changes. 2019-11-06 |
2 | Copyright (C) 2003-2007, 2009-2010, 2014-2015, 2017 Free Software | 2 | Copyright (C) 2003-2007, 2009-2010, 2014-2015, 2017 Free Software |
3 | Foundation, Inc. | 3 | Foundation, Inc. |
4 | See the end of file for copying conditions. | 4 | See the end of file for copying conditions. |
5 | 5 | ||
6 | Please send cpio bug reports to <bug-cpio@gnu.org>. | 6 | Please send cpio bug reports to <bug-cpio@gnu.org>. |
7 | 7 | ||
8 | Version 2.13 - Sergey Poznyakoff, 2019-11-06 | ||
9 | |||
10 | * Fix CVE-2015-1197 | ||
11 | * Fix CVE-2016-2037 | ||
12 | * Fix CVE-2019-14866 | ||
13 | |||
8 | Version 2.12 - Sergey Poznyakoff, 2015-09-12 | 14 | Version 2.12 - Sergey Poznyakoff, 2015-09-12 |
9 | 15 | ||
10 | * Improved documentation. | 16 | * Improved documentation. |
diff --git a/configure.ac b/configure.ac index 561ecdd..2132256 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,7 +1,6 @@ | |||
1 | dnl Process this file with autoconf to produce a configure script. | 1 | dnl Process this file with autoconf to produce a configure script. |
2 | dnl This file is part of GNU cpio | 2 | dnl This file is part of GNU cpio |
3 | dnl Copyright (C) 2003-2007, 2009-2010, 2014-2015, 2017 Free Software | 3 | dnl Copyright (C) 2003-2019 Free Software Foundation, Inc. |
4 | dnl Foundation, Inc. | ||
5 | dnl | 4 | dnl |
6 | dnl This program is free software; you can redistribute it and/or modify | 5 | dnl This program is free software; you can redistribute it and/or modify |
7 | dnl it under the terms of the GNU General Public License as published by | 6 | dnl it under the terms of the GNU General Public License as published by |
@@ -16,7 +15,7 @@ dnl | |||
16 | dnl You should have received a copy of the GNU General Public License | 15 | dnl You should have received a copy of the GNU General Public License |
17 | dnl along with this program. If not, see <http://www.gnu.org/licenses/>. | 16 | dnl along with this program. If not, see <http://www.gnu.org/licenses/>. |
18 | 17 | ||
19 | AC_INIT([GNU cpio], [2.12], [bug-cpio@gnu.org],, | 18 | AC_INIT([GNU cpio], [2.13], [bug-cpio@gnu.org],, |
20 | [http://www.gnu.org/software/cpio]) | 19 | [http://www.gnu.org/software/cpio]) |
21 | AC_CONFIG_SRCDIR(src/cpio.h) | 20 | AC_CONFIG_SRCDIR(src/cpio.h) |
22 | AC_CONFIG_AUX_DIR([build-aux]) | 21 | AC_CONFIG_AUX_DIR([build-aux]) |
diff --git a/src/copyin.c b/src/copyin.c index fd20426..b29f348 100644 --- a/src/copyin.c +++ b/src/copyin.c | |||
@@ -889,30 +889,34 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) | |||
889 | 889 | ||
890 | if (archive_format == arf_unknown) | 890 | if (archive_format == arf_unknown) |
891 | { | 891 | { |
892 | char tmpbuf[512]; | 892 | union |
893 | { | ||
894 | char s[512]; | ||
895 | unsigned short us; | ||
896 | } tmpbuf; | ||
893 | int check_tar; | 897 | int check_tar; |
894 | int peeked_bytes; | 898 | int peeked_bytes; |
895 | 899 | ||
896 | while (archive_format == arf_unknown) | 900 | while (archive_format == arf_unknown) |
897 | { | 901 | { |
898 | peeked_bytes = tape_buffered_peek (tmpbuf, in_des, 512); | 902 | peeked_bytes = tape_buffered_peek (tmpbuf.s, in_des, 512); |
899 | if (peeked_bytes < 6) | 903 | if (peeked_bytes < 6) |
900 | error (PAXEXIT_FAILURE, 0, _("premature end of archive")); | 904 | error (PAXEXIT_FAILURE, 0, _("premature end of archive")); |
901 | 905 | ||
902 | if (!strncmp (tmpbuf, "070701", 6)) | 906 | if (!strncmp (tmpbuf.s, "070701", 6)) |
903 | archive_format = arf_newascii; | 907 | archive_format = arf_newascii; |
904 | else if (!strncmp (tmpbuf, "070707", 6)) | 908 | else if (!strncmp (tmpbuf.s, "070707", 6)) |
905 | archive_format = arf_oldascii; | 909 | archive_format = arf_oldascii; |
906 | else if (!strncmp (tmpbuf, "070702", 6)) | 910 | else if (!strncmp (tmpbuf.s, "070702", 6)) |
907 | { | 911 | { |
908 | archive_format = arf_crcascii; | 912 | archive_format = arf_crcascii; |
909 | crc_i_flag = true; | 913 | crc_i_flag = true; |
910 | } | 914 | } |
911 | else if ((*((unsigned short *) tmpbuf) == 070707) || | 915 | else if (tmpbuf.us == 070707 |
912 | (*((unsigned short *) tmpbuf) == swab_short ((unsigned short) 070707))) | 916 | || tmpbuf.us == swab_short ((unsigned short) 070707)) |
913 | archive_format = arf_binary; | 917 | archive_format = arf_binary; |
914 | else if (peeked_bytes >= 512 | 918 | else if (peeked_bytes >= 512 |
915 | && (check_tar = is_tar_header (tmpbuf))) | 919 | && (check_tar = is_tar_header (tmpbuf.s))) |
916 | { | 920 | { |
917 | if (check_tar == 2) | 921 | if (check_tar == 2) |
918 | archive_format = arf_ustar; | 922 | archive_format = arf_ustar; |
@@ -921,7 +925,7 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) | |||
921 | } | 925 | } |
922 | else | 926 | else |
923 | { | 927 | { |
924 | tape_buffered_read ((char *) tmpbuf, in_des, 1L); | 928 | tape_buffered_read (tmpbuf.s, in_des, 1L); |
925 | ++bytes_skipped; | 929 | ++bytes_skipped; |
926 | } | 930 | } |
927 | } | 931 | } |
diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at new file mode 100644 index 0000000..e877b39 --- /dev/null +++ b/tests/CVE-2019-14866.at | |||
@@ -0,0 +1,35 @@ | |||
1 | # Process this file with autom4te to create testsuite. -*- Autotest -*- | ||
2 | # Copyright (C) 2009-2019 Free Software Foundation, Inc. | ||
3 | # | ||
4 | # This program is free software; you can redistribute it and/or modify | ||
5 | # it under the terms of the GNU General Public License as published by | ||
6 | # the Free Software Foundation; either version 3, or (at your option) | ||
7 | # any later version. | ||
8 | # | ||
9 | # This program is distributed in the hope that it will be useful, | ||
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
12 | # GNU General Public License for more details. | ||
13 | # | ||
14 | # You should have received a copy of the GNU General Public License | ||
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
16 | |||
17 | AT_SETUP([CVE-2019-14866 (tar header size overflow)]) | ||
18 | AT_CHECK([ | ||
19 | # Use -s (seek) instead of -l (size) to speed up file creation. | ||
20 | # This can fail if the device lacks sufficient space. Skip the test, then. | ||
21 | if genfile -s 16G -f file; then | ||
22 | echo file | cpio -H tar -o > a.tar | ||
23 | s=$? | ||
24 | rm -f file | ||
25 | exit $? | ||
26 | else | ||
27 | AT_SKIP_TEST | ||
28 | fi | ||
29 | ], | ||
30 | [0], | ||
31 | [], | ||
32 | [cpio: file: value size 17179869184 out of allowed range 0..8589934591 | ||
33 | 2 blocks | ||
34 | ]) | ||
35 | AT_CLEANUP | ||
diff --git a/tests/Makefile.am b/tests/Makefile.am index 5b8e9ed..65bf470 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am | |||
@@ -1,7 +1,6 @@ | |||
1 | # Makefile for GNU cpio regression tests. | 1 | # Makefile for GNU cpio regression tests. |
2 | 2 | ||
3 | # Copyright (C) 2004, 2007-2010, 2014-2015, 2017 Free Software | 3 | # Copyright (C) 2004-2019 Free Software Foundation, Inc. |
4 | # Foundation, Inc. | ||
5 | 4 | ||
6 | ## This program is free software; you can redistribute it and/or modify | 5 | ## This program is free software; you can redistribute it and/or modify |
7 | ## it under the terms of the GNU General Public License as published by | 6 | ## it under the terms of the GNU General Public License as published by |
@@ -57,7 +56,8 @@ TESTSUITE_AT = \ | |||
57 | symlink-to-stdout.at\ | 56 | symlink-to-stdout.at\ |
58 | version.at\ | 57 | version.at\ |
59 | big-block-size.at\ | 58 | big-block-size.at\ |
60 | CVE-2015-1197.at | 59 | CVE-2015-1197.at\ |
60 | CVE-2019-14866.at | ||
61 | 61 | ||
62 | TESTSUITE = $(srcdir)/testsuite | 62 | TESTSUITE = $(srcdir)/testsuite |
63 | 63 | ||
diff --git a/tests/testsuite.at b/tests/testsuite.at index 10cb8b9..aa56bb9 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at | |||
@@ -45,3 +45,4 @@ m4_include([setstat05.at]) | |||
45 | m4_include([big-block-size.at]) | 45 | m4_include([big-block-size.at]) |
46 | 46 | ||
47 | m4_include([CVE-2015-1197.at]) | 47 | m4_include([CVE-2015-1197.at]) |
48 | m4_include([CVE-2019-14866.at]) | ||