pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/archivers/unzoo
Module Name: pkgsrc
Committed By: rillig
Date: Thu Mar 26 22:29:47 UTC 2020
Modified Files:
pkgsrc/archivers/unzoo: Makefile distinfo
Added Files:
pkgsrc/archivers/unzoo/patches: patch-unzoo.c
Log Message:
archivers/unzoo: fix out-of-bounds read when matching non-ASCII
Found by GCC's -Wchar-subscripts.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/archivers/unzoo/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/archivers/unzoo/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/archivers/unzoo/patches/patch-unzoo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/archivers/unzoo/Makefile
diff -u pkgsrc/archivers/unzoo/Makefile:1.14 pkgsrc/archivers/unzoo/Makefile:1.15
--- pkgsrc/archivers/unzoo/Makefile:1.14 Thu Oct 9 14:05:54 2014
+++ pkgsrc/archivers/unzoo/Makefile Thu Mar 26 22:29:47 2020
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.14 2014/10/09 14:05:54 wiz Exp $
+# $NetBSD: Makefile,v 1.15 2020/03/26 22:29:47 rillig Exp $
#
DISTNAME= unzoo.c
PKGNAME= unzoo-4.4
+PKGREVISION= 1
CATEGORIES= archivers
MASTER_SITES= # no dist site available
EXTRACT_SUFX= # empty
Index: pkgsrc/archivers/unzoo/distinfo
diff -u pkgsrc/archivers/unzoo/distinfo:1.3 pkgsrc/archivers/unzoo/distinfo:1.4
--- pkgsrc/archivers/unzoo/distinfo:1.3 Tue Nov 3 00:56:26 2015
+++ pkgsrc/archivers/unzoo/distinfo Thu Mar 26 22:29:47 2020
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2015/11/03 00:56:26 agc Exp $
+$NetBSD: distinfo,v 1.4 2020/03/26 22:29:47 rillig Exp $
SHA1 (unzoo.c) = 99a6e9922ccdf5d454c78d3a514d5e33ae17562d
RMD160 (unzoo.c) = f7cf751dc865e73d3c51e4476dd2472e409b20ff
SHA512 (unzoo.c) = d293e244e44af131702550ddefdd035e32de3e7228f6c1c805139d448ba96357931405d313405572c30fc7c8d2ff005cc0ffc4d0ad209f47ee9ec1217ccaed21
Size (unzoo.c) = 115328 bytes
+SHA1 (patch-unzoo.c) = 5b652586c919a8a5a5498c00ae2330620af39ea4
Added files:
Index: pkgsrc/archivers/unzoo/patches/patch-unzoo.c
diff -u /dev/null pkgsrc/archivers/unzoo/patches/patch-unzoo.c:1.1
--- /dev/null Thu Mar 26 22:29:47 2020
+++ pkgsrc/archivers/unzoo/patches/patch-unzoo.c Thu Mar 26 22:29:47 2020
@@ -0,0 +1,41 @@
+$NetBSD: patch-unzoo.c,v 1.1 2020/03/26 22:29:47 rillig Exp $
+
+unzoo.c: In function 'IsMatchName':
+unzoo.c:1268:40: error: array subscript has type 'char' [-Werror=char-subscripts]
+ else if ( *pat=='?' && ! IsSpec[*str] ) { pat++; str++; }
+ ^
+unzoo.c:1271:40: error: array subscript has type 'char' [-Werror=char-subscripts]
+ else if ( tmp != 0 && ! IsSpec[*tmp] ) { pat = pos; str = ++tmp; }
+ ^
+
+This looks indeed like undefined behavior since the function IsMatchName
+accepts arbitrary filenames, and filenames containing non-ASCII
+characters would access the array outside of its bounds.
+
+On NetBSD-8.0-x86_64 using GCC 5.5.0 the memory below IsSpec is BufArch,
+which means that pattern matching depended on the contents of the archive
+before.
+
+--- unzoo.c.orig 2020-03-26 22:01:16.074248902 +0000
++++ unzoo.c
+@@ -244,6 +244,7 @@
+ *H
+ */
+ #include <stdio.h>
++#include <string.h>
+
+
+ /****************************************************************************
+@@ -1265,10 +1266,10 @@ int IsMatchName ( pat, str )
+ /* try to match the name part */
+ while ( *pat != '\0' || *str != '\0' ) {
+ if ( *pat==*str ) { pat++; str++; }
+- else if ( *pat=='?' && ! IsSpec[*str] ) { pat++; str++; }
++ else if ( *pat=='?' && ! IsSpec[(unsigned char) *str] ) { pat++; str++; }
+ else if ( *pat=='?' && *str != '\0' ) { pat++; str++; }
+ else if ( *pat=='*' ) { pos = ++pat; tmp = str; }
+- else if ( tmp != 0 && ! IsSpec[*tmp] ) { pat = pos; str = ++tmp; }
++ else if ( tmp != 0 && ! IsSpec[(unsigned char) *tmp] ) { pat = pos; str = ++tmp; }
+ else break;
+ }
+ return *pat == '\0' && *str == '\0';
Home |
Main Index |
Thread Index |
Old Index