
cpio: patch CVE-2016-2037, out of bounds write (close #13489)

authored by Graham Christensen and committed by Vladimír Čunát
483a130f b9ab76c2

+33
pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch (+29)
··· 1 + diff --git a/src/copyin.c b/src/copyin.c 2 + index cde911e..032d35f 100644 3 + --- a/src/copyin.c 4 + +++ b/src/copyin.c 5 + @@ -1385,6 +1385,8 @@ process_copy_in () 6 + break; 7 + } 8 + 9 + + if (file_hdr.c_namesize <= 1) 10 + + file_hdr.c_name = xrealloc(file_hdr.c_name, 2); 11 + cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, 12 + false); 13 + 14 + diff --git a/src/util.c b/src/util.c 15 + index 6ff6032..2763ac1 100644 16 + --- a/src/util.c 17 + +++ b/src/util.c 18 + @@ -1411,7 +1411,10 @@ set_file_times (int fd, 19 + } 20 + 21 + /* Do we have to ignore absolute paths, and if so, does the filename 22 + - have an absolute path? */ 23 + + have an absolute path? 24 + + Before calling this function make sure that the allocated NAME buffer has 25 + + capacity at least 2 bytes to allow us to store the "." string inside. */ 26 + + 27 + void 28 + cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, 29 + bool strip_leading_dots)
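Review bot: in the copyin.c hunk, `if (file_hdr.c_namesize <= 1) file_hdr.c_name = xrealloc(file_hdr.c_name, 2);` grows the buffer but leaves `file_hdr.c_namesize` at its old value of 0 or 1, so any later code that sizes from `c_namesize` still sees a buffer it believes is smaller than the 2 bytes now allocated; set `c_namesize` to 2 alongside the realloc, or add a comment saying why the stale size is harmless. The guard also sits only in front of this one call to `cpio_safer_name_suffix`, so the 2-byte precondition it satisfies must be re-established by hand at every other call site.

Review bot: in the util.c hunk, the 2-byte capacity requirement is recorded only in the comment above `cpio_safer_name_suffix`; the function still receives a bare `char *name` with no length, so nothing inside it can catch a caller that skipped the `xrealloc`. Consider passing the allocated size as a parameter and checking it in the function, so the "." write cannot overrun regardless of the caller. Separately, the added empty line between the comment's closing `*/` and `void` detaches the doc comment from the function it describes; drop it.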
pkgs/tools/archivers/cpio/default.nix (+4)
··· 19 19 + "CVE-2015-1197-cpio-2.12.patch"; 20 20 sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v"; 21 21 }) 22 + 23 + # Report: http://www.openwall.com/lists/oss-security/2016/01/19/4 24 + # Patch from https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html 25 + ./CVE-2016-2037-out-of-bounds-write.patch 22 26 ]; 23 27 24 28 preConfigure = if stdenv.isCygwin then ''
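Review bot: the new patch is vendored as a local file `./CVE-2016-2037-out-of-bounds-write.patch`, while the neighbouring CVE-2015-1197 entry fetches its patch and pins it with a `sha256`; since the comment already cites the upstream patch at lists.gnu.org, either fetch it the same way with a hash or add a word on why it is vendored here. Citing both the oss-security report and the upstream patch source in the comment is the right thing to do and should be kept.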