guix/gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch
Mark H Weaver c7bdc7ece5 gnu: cpio: Add fixes for CVE-2014-9112.
* gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/cpio.scm (cpio): Add patches.  Add 'autoconf' to
  native-inputs.
2014-12-30 14:48:13 -05:00


Partially fix CVE-2014-9112, part 5/5. Backported to 2.11.
From f6a8a2cbd2d5ca40ea94900b55b845dd5ca87328 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org.ua>
Date: Thu, 11 Dec 2014 13:21:40 +0000
Subject: Fix symlink-bad-length test for 64-bit architectures.
* src/util.c: Return non-zero exit code if EOF is hit prematurely.
* tests/symlink-bad-length.at: Revert to original archive: there's
no use testing for recovery, because that depends on the host
architecture. Don't test for exit code as well (same reason).
Account for eventual warning messages.
---
diff --git a/src/util.c b/src/util.c
index 6c483f8..39c9813 100644
--- a/src/util.c
+++ b/src/util.c
@@ -206,10 +206,7 @@ tape_fill_input_buffer (int in_des, int
if (input_size < 0)
error (1, errno, _("read error"));
if (input_size == 0)
- {
- error (0, 0, _("premature end of file"));
- exit (1);
- }
+ error (PAXEXIT_FAILURE, 0, _("premature end of file"));
input_bytes += input_size;
}
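Review bot: The `read error` call two lines above the changed line still passes a literal `1` as the exit status, while the new premature-EOF path passes `PAXEXIT_FAILURE`, so the two fatal input errors in tape_fill_input_buffer may now terminate with different statuses. The definition of `PAXEXIT_FAILURE` is not visible here; if it is not 1 in this tree, scripts that test for a specific status on a truncated archive will see a change. Using the same constant on both paths, `error (PAXEXIT_FAILURE, errno, _("read error"));`, would keep them aligned. Because this is a backport to 2.11, it is also worth confirming that src/util.c already includes the header that defines `PAXEXIT_FAILURE`. The function starts and ends outside the hunk.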
diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
index 4dbeaa3..e1a7093 100644
--- a/tests/symlink-bad-length.at
+++ b/tests/symlink-bad-length.at
@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length])
AT_KEYWORDS([symlink-long copyout])
AT_DATA([ARCHIVE.base64],
-[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk
-AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA
-c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA
+[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
+JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
+UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
@@ -35,25 +35,30 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
])
+# The exact error message and exit status depend on the host architecture,
+# therefore strderr is filtered out and error code is not checked.
+
+# So far the only case when cpio would exit with code 0 is when it skips
+# several bytes and encounters a valid record header. Perhaps it should
+# exit with code 2 (non-critical error), if at least one byte was skipped,
+# but that could hurt backward compatibility.
+
AT_CHECK([
base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
-TZ=UTC cpio -ntv < ARCHIVE 2>stderr
-rc=$?
+TZ=UTC cpio -ntv < ARCHIVE 2>stderr
cat stderr | grep -v \
-e 'stored filename length is out of range' \
-e 'premature end of file' \
-e 'archive header has reverse byte-order' \
-e 'memory exhausted' \
+ -e 'skipped [[0-9][0-9]*] bytes of junk' \
+ -e '[[0-9][0-9]*] block' \
>&2
echo >&2 STDERR
-test "$rc" -ne 0
],
-[1],
-[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE
--rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2
-],[cpio: warning: skipped 4 bytes of junk
-1 block
-STDERR
+[0],
+[-rw-rw-r-- 1 10029 10031 13 Nov 25 11:52 FILE
+],[STDERR
])
AT_CLEANUP
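Review bot: With `rc=$?` and `test "$rc" -ne 0` removed, the status that AT_CHECK compares against `[0]` is that of the final `echo >&2 STDERR`, so cpio's own exit status on the malformed archive is no longer examined at all. Since this test accompanies the CVE-2014-9112 fix, it would be worth keeping an architecture-independent check that cpio was not terminated by a signal, for example `rc=$?` right after the cpio line and `test "$rc" -lt 128` as the last command. The grep filter also discards every expected diagnostic, so the added comment should say what the test still pins: the listing of FILE and the absence of any unexpected stderr output. That comment also misspells `stderr` as `strderr`.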
--
cgit v0.9.0.2