| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Report also version numbers as invalid if there's more than 18
digits.
fixes #10774
|
|
|
|
and fix the error code if untrusted adb is seen
|
|
|
|
apk_extract_file() already calls unlink if the error is fatal.
|
|
|
|
see https://gitlab.alpinelinux.org/alpine/aports/-/issues/11736
[TT: minor stylistic change]
|
|
Without this header the build fails when used as a OpenWrt build
dependency.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
|
|
|
Make sure we always have valid struct apk_trust * for code using it.
Load the signing keys directly when being specified to produce
sane error message if loading them fails.
|
|
In most places where pointer can be an 'error' it cannot be null
pointer. Further, in those cases just calling PTR_ERR() is not enough
to handle the null case. Simplify code by removing this case.
If NULL case needs to be handled, it's better to add separate check
and return fixed error code in that case.
|
|
|
|
- check magic field for 'ustar' on read
- harden get_octal to report errors on non-octal characters
(e.g. GNU base256 encoding), fixes #10757
- fix mtime and size octal fields to not have zero terminator
|
|
fixes #10762
|
|
fixes #10759
|
|
'is' is null for directories
|
|
Directories are handled specially in package installation code, but
extract applet uses also apk_extract_file() to create directories.
These should not be unlinked as that fails with unexpected error code
terminating the extraction.
|
|
Unbreak handling of base 16 in fetch_parseuint(). It is used
only in http chunked mode handling.
Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
|
|
|
|
|
|
|
|
|
|
The extract applet now works with both v2 and v3 packages.
|
|
This splits the callbacks by type, and further prepares the API
to be usable for v3 files too.
|
|
This moves and isolates the tar code to tar.c. And the actual
file extraction to disk is moved to extract.c.
A new API is introduced and used for v2 file extraction. This
essentially moves and isolates the apk_sign_ctx_* beast into
extract_v2.c and offers a saner interface to handling packages.
A place holder is added for v3 extraction.
|
|
fix the error checking, allow --force-overwrite to work and
do not delete existing file in case of error
|
|
Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.
CVE-2021-36159
fixes #10749
Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>
|
|
|
|
Make errors more observable. Unfortunately full rollback is
non-trivial to implement. This is something to be fixed with
the v3 database format.
|
|
Packages containing files with path names longer than 1024 characters
cannot fit into the buffer which is used to write "installed" database.
This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because
apk_blob_push_blob notices the condition and correctly handles it.
The problem occurs when arguments to apk_ostream_write are manually
calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a
case, bbuf.ptr - buf leads to a huge size value while buf still points
into the stack.
fixes #10751
[TT: minor edit to commit and abbreviating the commit message]
|
|
|
|
If a signature is longer than max allowed adb signature length
then adb_walk_block writes out of boundary of stack variable tmp.
The len += snprintf is not safe per standard snprintf implementation
(kernel does it differently). Introduce and use apk_blob_push_fmt
which does the checking better.
Fixes #10752
Reported-by: Samanta Navarro <ferivoz@riseup.net>
|
|
[TT: minor stylistic changes]
|
|
|
|
fixes #10748
|
|
Add uvol_name to struct apk_file_info so it can be passed down
the extract callbacks in future work. Modify uvol name to not
include the path, but just the filename portion.
|
|
|
|
|
|
|
|
In struct adb, do not keep the whole header, just the schema
in host byte order.
|
|
Harden the error checking of expected block types and their order.
Add ADB_BLOCK_DATAX as reserved for >1GB blocks.
|
|
|
|
|
|
|
|
- apk_istream_splice usage is converted to apk_stream_copy which
is the newer variant. With caching enabled by default, this
makes more sense mmapping or using separate buffers.
- apk_istream_tee is reworked to write to apk_ostream, which simplifies
quite a bit of various things
|
|
The interface was slightly cumbersome, so replace these functions
to return explicit error, and make the return blob a pointer arg.
|
|
It is no longer needed, and can be later reintroduced if needed.
|
|
Removes code duplication, and puts important checks in one place.
Support seamless decompression in adbdump.
|
|
|
|
Add compression header of adb files. Support uncompressed and
deflate compression at this time.
|
