diff options
| author | Sergey Poznyakoff <gray@gnu.org> | 2019-11-06 09:56:30 +0200 |
|---|---|---|
| committer | Sergey Poznyakoff <gray@gnu.org> | 2019-11-06 09:56:30 +0200 |
| commit | cd892d109a583e3a29e1da66b8374c29605bfdc8 (patch) | |
| tree | bf867edb591ad90b33136e4baa9f059cc6a6e5a5 | |
| parent | b7b5a9c456fdcd767c0f041d67af240de5b58fce (diff) | |
| download | cpio-cd892d109a583e3a29e1da66b8374c29605bfdc8.tar.gz cpio-cd892d109a583e3a29e1da66b8374c29605bfdc8.tar.bz2 | |
Version 2.13release_2_13
* NEWS: Describe new version.
* configure.ac: version 2.13
* src/copyin.c: Fix strict aliasing violation.
* tests/CVE-2019-14866.at: New file.
* tests/Makefile.am: Add new test.
* tests/testsuite.at: Add new test,
| -rw-r--r-- | NEWS | 8 | ||||
| -rw-r--r-- | configure.ac | 5 | ||||
| -rw-r--r-- | src/copyin.c | 22 | ||||
| -rw-r--r-- | tests/CVE-2019-14866.at | 35 | ||||
| -rw-r--r-- | tests/Makefile.am | 6 | ||||
| -rw-r--r-- | tests/testsuite.at | 1 |
6 files changed, 61 insertions, 16 deletions
| @@ -1,10 +1,16 @@ | |||
| 1 | GNU cpio NEWS -- history of user-visible changes. 2015-09-12 | 1 | GNU cpio NEWS -- history of user-visible changes. 2019-11-06 |
| 2 | Copyright (C) 2003-2007, 2009-2010, 2014-2015, 2017 Free Software | 2 | Copyright (C) 2003-2007, 2009-2010, 2014-2015, 2017 Free Software |
| 3 | Foundation, Inc. | 3 | Foundation, Inc. |
| 4 | See the end of file for copying conditions. | 4 | See the end of file for copying conditions. |
| 5 | 5 | ||
| 6 | Please send cpio bug reports to <bug-cpio@gnu.org>. | 6 | Please send cpio bug reports to <bug-cpio@gnu.org>. |
| 7 | 7 | ||
| 8 | Version 2.13 - Sergey Poznyakoff, 2019-11-06 | ||
| 9 | |||
| 10 | * Fix CVE-2015-1197 | ||
| 11 | * Fix CVE-2016-2037 | ||
| 12 | * Fix CVE-2019-14866 | ||
| 13 | |||
| 8 | Version 2.12 - Sergey Poznyakoff, 2015-09-12 | 14 | Version 2.12 - Sergey Poznyakoff, 2015-09-12 |
| 9 | 15 | ||
| 10 | * Improved documentation. | 16 | * Improved documentation. |
diff --git a/configure.ac b/configure.ac index 561ecdd..2132256 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -1,7 +1,6 @@ | |||
| 1 | dnl Process this file with autoconf to produce a configure script. | 1 | dnl Process this file with autoconf to produce a configure script. |
| 2 | dnl This file is part of GNU cpio | 2 | dnl This file is part of GNU cpio |
| 3 | dnl Copyright (C) 2003-2007, 2009-2010, 2014-2015, 2017 Free Software | 3 | dnl Copyright (C) 2003-2019 Free Software Foundation, Inc. |
| 4 | dnl Foundation, Inc. | ||
| 5 | dnl | 4 | dnl |
| 6 | dnl This program is free software; you can redistribute it and/or modify | 5 | dnl This program is free software; you can redistribute it and/or modify |
| 7 | dnl it under the terms of the GNU General Public License as published by | 6 | dnl it under the terms of the GNU General Public License as published by |
| @@ -16,7 +15,7 @@ dnl | |||
| 16 | dnl You should have received a copy of the GNU General Public License | 15 | dnl You should have received a copy of the GNU General Public License |
| 17 | dnl along with this program. If not, see <http://www.gnu.org/licenses/>. | 16 | dnl along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 18 | 17 | ||
| 19 | AC_INIT([GNU cpio], [2.12], [bug-cpio@gnu.org],, | 18 | AC_INIT([GNU cpio], [2.13], [bug-cpio@gnu.org],, |
| 20 | [http://www.gnu.org/software/cpio]) | 19 | [http://www.gnu.org/software/cpio]) |
| 21 | AC_CONFIG_SRCDIR(src/cpio.h) | 20 | AC_CONFIG_SRCDIR(src/cpio.h) |
| 22 | AC_CONFIG_AUX_DIR([build-aux]) | 21 | AC_CONFIG_AUX_DIR([build-aux]) |
diff --git a/src/copyin.c b/src/copyin.c index fd20426..b29f348 100644 --- a/src/copyin.c +++ b/src/copyin.c | |||
| @@ -889,30 +889,34 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) | |||
| 889 | 889 | ||
| 890 | if (archive_format == arf_unknown) | 890 | if (archive_format == arf_unknown) |
| 891 | { | 891 | { |
| 892 | char tmpbuf[512]; | 892 | union |
| 893 | { | ||
| 894 | char s[512]; | ||
| 895 | unsigned short us; | ||
| 896 | } tmpbuf; | ||
| 893 | int check_tar; | 897 | int check_tar; |
| 894 | int peeked_bytes; | 898 | int peeked_bytes; |
| 895 | 899 | ||
| 896 | while (archive_format == arf_unknown) | 900 | while (archive_format == arf_unknown) |
| 897 | { | 901 | { |
| 898 | peeked_bytes = tape_buffered_peek (tmpbuf, in_des, 512); | 902 | peeked_bytes = tape_buffered_peek (tmpbuf.s, in_des, 512); |
| 899 | if (peeked_bytes < 6) | 903 | if (peeked_bytes < 6) |
| 900 | error (PAXEXIT_FAILURE, 0, _("premature end of archive")); | 904 | error (PAXEXIT_FAILURE, 0, _("premature end of archive")); |
| 901 | 905 | ||
| 902 | if (!strncmp (tmpbuf, "070701", 6)) | 906 | if (!strncmp (tmpbuf.s, "070701", 6)) |
| 903 | archive_format = arf_newascii; | 907 | archive_format = arf_newascii; |
| 904 | else if (!strncmp (tmpbuf, "070707", 6)) | 908 | else if (!strncmp (tmpbuf.s, "070707", 6)) |
| 905 | archive_format = arf_oldascii; | 909 | archive_format = arf_oldascii; |
| 906 | else if (!strncmp (tmpbuf, "070702", 6)) | 910 | else if (!strncmp (tmpbuf.s, "070702", 6)) |
| 907 | { | 911 | { |
| 908 | archive_format = arf_crcascii; | 912 | archive_format = arf_crcascii; |
| 909 | crc_i_flag = true; | 913 | crc_i_flag = true; |
| 910 | } | 914 | } |
| 911 | else if ((*((unsigned short *) tmpbuf) == 070707) || | 915 | else if (tmpbuf.us == 070707 |
| 912 | (*((unsigned short *) tmpbuf) == swab_short ((unsigned short) 070707))) | 916 | || tmpbuf.us == swab_short ((unsigned short) 070707)) |
| 913 | archive_format = arf_binary; | 917 | archive_format = arf_binary; |
| 914 | else if (peeked_bytes >= 512 | 918 | else if (peeked_bytes >= 512 |
| 915 | && (check_tar = is_tar_header (tmpbuf))) | 919 | && (check_tar = is_tar_header (tmpbuf.s))) |
| 916 | { | 920 | { |
| 917 | if (check_tar == 2) | 921 | if (check_tar == 2) |
| 918 | archive_format = arf_ustar; | 922 | archive_format = arf_ustar; |
| @@ -921,7 +925,7 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) | |||
| 921 | } | 925 | } |
| 922 | else | 926 | else |
| 923 | { | 927 | { |
| 924 | tape_buffered_read ((char *) tmpbuf, in_des, 1L); | 928 | tape_buffered_read (tmpbuf.s, in_des, 1L); |
| 925 | ++bytes_skipped; | 929 | ++bytes_skipped; |
| 926 | } | 930 | } |
| 927 | } | 931 | } |
diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at new file mode 100644 index 0000000..e877b39 --- /dev/null +++ b/tests/CVE-2019-14866.at | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | # Process this file with autom4te to create testsuite. -*- Autotest -*- | ||
| 2 | # Copyright (C) 2009-2019 Free Software Foundation, Inc. | ||
| 3 | # | ||
| 4 | # This program is free software; you can redistribute it and/or modify | ||
| 5 | # it under the terms of the GNU General Public License as published by | ||
| 6 | # the Free Software Foundation; either version 3, or (at your option) | ||
| 7 | # any later version. | ||
| 8 | # | ||
| 9 | # This program is distributed in the hope that it will be useful, | ||
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 12 | # GNU General Public License for more details. | ||
| 13 | # | ||
| 14 | # You should have received a copy of the GNU General Public License | ||
| 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
| 16 | |||
| 17 | AT_SETUP([CVE-2019-14866 (tar header size overflow)]) | ||
| 18 | AT_CHECK([ | ||
| 19 | # Use -s (seek) instead of -l (size) to speed up file creation. | ||
| 20 | # This can fail if the device lacks sufficient space. Skip the test, then. | ||
| 21 | if genfile -s 16G -f file; then | ||
| 22 | echo file | cpio -H tar -o > a.tar | ||
| 23 | s=$? | ||
| 24 | rm -f file | ||
| 25 | exit $? | ||
| 26 | else | ||
| 27 | AT_SKIP_TEST | ||
| 28 | fi | ||
| 29 | ], | ||
| 30 | [0], | ||
| 31 | [], | ||
| 32 | [cpio: file: value size 17179869184 out of allowed range 0..8589934591 | ||
| 33 | 2 blocks | ||
| 34 | ]) | ||
| 35 | AT_CLEANUP | ||
diff --git a/tests/Makefile.am b/tests/Makefile.am index 5b8e9ed..65bf470 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am | |||
| @@ -1,7 +1,6 @@ | |||
| 1 | # Makefile for GNU cpio regression tests. | 1 | # Makefile for GNU cpio regression tests. |
| 2 | 2 | ||
| 3 | # Copyright (C) 2004, 2007-2010, 2014-2015, 2017 Free Software | 3 | # Copyright (C) 2004-2019 Free Software Foundation, Inc. |
| 4 | # Foundation, Inc. | ||
| 5 | 4 | ||
| 6 | ## This program is free software; you can redistribute it and/or modify | 5 | ## This program is free software; you can redistribute it and/or modify |
| 7 | ## it under the terms of the GNU General Public License as published by | 6 | ## it under the terms of the GNU General Public License as published by |
| @@ -57,7 +56,8 @@ TESTSUITE_AT = \ | |||
| 57 | symlink-to-stdout.at\ | 56 | symlink-to-stdout.at\ |
| 58 | version.at\ | 57 | version.at\ |
| 59 | big-block-size.at\ | 58 | big-block-size.at\ |
| 60 | CVE-2015-1197.at | 59 | CVE-2015-1197.at\ |
| 60 | CVE-2019-14866.at | ||
| 61 | 61 | ||
| 62 | TESTSUITE = $(srcdir)/testsuite | 62 | TESTSUITE = $(srcdir)/testsuite |
| 63 | 63 | ||
diff --git a/tests/testsuite.at b/tests/testsuite.at index 10cb8b9..aa56bb9 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at | |||
| @@ -45,3 +45,4 @@ m4_include([setstat05.at]) | |||
| 45 | m4_include([big-block-size.at]) | 45 | m4_include([big-block-size.at]) |
| 46 | 46 | ||
| 47 | m4_include([CVE-2015-1197.at]) | 47 | m4_include([CVE-2015-1197.at]) |
| 48 | m4_include([CVE-2019-14866.at]) | ||