summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMamoru Komachi <usata@gentoo.org>2004-05-04 12:17:34 +0000
committerMamoru Komachi <usata@gentoo.org>2004-05-04 12:17:34 +0000
commitc8d7c3b993288a822b7f43f1bd2005da17d94233 (patch)
tree749226316e5be24e0f19e567576a2929bb92c12f /app-arch/lha/files
parentAdd missing IUSE. (Manifest recommit) (diff)
downloadgentoo-2-c8d7c3b993288a822b7f43f1bd2005da17d94233.tar.gz
gentoo-2-c8d7c3b993288a822b7f43f1bd2005da17d94233.tar.bz2
gentoo-2-c8d7c3b993288a822b7f43f1bd2005da17d94233.zip
Applied buffer overflows and directory traversal patches. See http://lists.netsys.com/pipermail/full-disclosure/2004-May/020776.html for detail.
Diffstat (limited to 'app-arch/lha/files')
-rw-r--r--app-arch/lha/files/digest-lha-114i-r21
-rw-r--r--app-arch/lha/files/lha-114i.diff75
2 files changed, 76 insertions, 0 deletions
diff --git a/app-arch/lha/files/digest-lha-114i-r2 b/app-arch/lha/files/digest-lha-114i-r2
new file mode 100644
index 000000000000..44da31fd5180
--- /dev/null
+++ b/app-arch/lha/files/digest-lha-114i-r2
@@ -0,0 +1 @@
+MD5 5225884d557b91f04124693e2c5c9e94 lha-114i.tar.gz 64608
diff --git a/app-arch/lha/files/lha-114i.diff b/app-arch/lha/files/lha-114i.diff
new file mode 100644
index 000000000000..d723d668a94c
--- /dev/null
+++ b/app-arch/lha/files/lha-114i.diff
@@ -0,0 +1,75 @@
+--- header.c.old 2000-10-05 19:36:03.000000000 +0200
++++ header.c 2004-04-17 23:55:54.000000000 +0200
+@@ -538,6 +538,10 @@
+ /*
+ * filename
+ */
++ if (header_size >= 256) {
++ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
++ exit(109);
++ }
+ for (i = 0; i < header_size - 3; i++)
+ hdr->name[i] = (char) get_byte();
+ hdr->name[header_size - 3] = '\0';
+@@ -547,6 +551,10 @@
+ /*
+ * directory
+ */
++ if (header_size >= FILENAME_LENGTH) {
++ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
++ exit(110);
++ }
+ for (i = 0; i < header_size - 3; i++)
+ dirname[i] = (char) get_byte();
+ dirname[header_size - 3] = '\0';
+--- lhext.c.old 2000-10-04 16:57:38.000000000 +0200
++++ lhext.c 2004-04-18 01:27:44.000000000 +0200
+@@ -190,8 +190,13 @@
+ q = (char *) rindex(hdr->name, '/') + 1;
+ }
+ else {
++ if (is_directory_traversal(q)) {
++ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
++ exit(111);
++ }
++
+ if (*q == '/') {
+- q++;
++ while (*q == '/') { q++; }
+ /*
+ * if OSK then strip device name
+ */
+@@ -419,6 +424,33 @@
+ return;
+ }
+
++int
++is_directory_traversal(char *string)
++{
++ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
++ char *temp;
++
++ temp = string;
++
++ while (*temp != 0) {
++ if (temp[0] == '/') {
++ if (type == 1) { return 1; }
++ type = 0;
++ temp++;
++ continue;
++ }
++
++ if ((temp[0] == '.') && (type < 2))
++ type = 1;
++ if (temp[0] != '.')
++ type = 2;
++
++ temp++;
++ } /* while */
++
++ return (type == 1);
++}
++
+ /* Local Variables: */
+ /* mode:c */
+ /* tab-width:4 */