summaryrefslogtreecommitdiff
path: root/user/fastjar/CVE-2010-0831,2322.patch
diff options
context:
space:
mode:
authorZach van Rijn <me@zv.io>2022-11-11 17:37:52 -0600
committerZach van Rijn <me@zv.io>2022-11-11 17:45:10 -0600
commiteee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5 (patch)
treecef56a73be9337b2d4d6a3c9c9f1138e5da8f3e3 /user/fastjar/CVE-2010-0831,2322.patch
parentab1c259053596aaee4310a5e3f09591755e4ccf8 (diff)
downloadpackages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.gz
packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.bz2
packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.xz
packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.zip
user/fastjar: add patch for CVE-2010-{0831,2322} and updater. fixes #136, #841.
Diffstat (limited to 'user/fastjar/CVE-2010-0831,2322.patch')
-rw-r--r--user/fastjar/CVE-2010-0831,2322.patch48
1 files changed, 48 insertions, 0 deletions
diff --git a/user/fastjar/CVE-2010-0831,2322.patch b/user/fastjar/CVE-2010-0831,2322.patch
new file mode 100644
index 000000000..acf9f3e86
--- /dev/null
+++ b/user/fastjar/CVE-2010-0831,2322.patch
@@ -0,0 +1,48 @@
+diff -ur fastjar-0.98.orig/jartool.c fastjar-0.98/jartool.c
+--- fastjar-0.98.orig/jartool.c 2009-09-06 18:10:47.000000000 -0400
++++ fastjar-0.98/jartool.c 2010-04-28 17:15:09.000000000 -0400
+@@ -1730,8 +1730,18 @@
+ struct stat sbuf;
+ int depth = 0;
+
++ if(strncmp((const char *)filename, "/", 1) == 0){
++ fprintf(stderr, "Absolute path names are not allowed.\n");
++ exit(EXIT_FAILURE);
++ }
++
+ tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
+
++ if(tmp_buff == NULL) {
++ fprintf(stderr, "Out of memory.\n");
++ exit(EXIT_FAILURE);
++ }
++
+ for(;;){
+ const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
+
+@@ -1749,14 +1759,17 @@
+ #ifdef DEBUG
+ printf("checking the existance of %s\n", tmp_buff);
+ #endif
+- if(strcmp(tmp_buff, "..") == 0){
+- --depth;
+- if (depth < 0){
+- fprintf(stderr, "Traversal to parent directories during unpacking!\n");
+- exit(EXIT_FAILURE);
+- }
+- } else if (strcmp(tmp_buff, ".") != 0)
+- ++depth;
++ if(strcmp(tmp_buff, "..") == 0 || (strlen(tmp_buff) > 2 && strncmp(tmp_buff + strlen(tmp_buff) - 3, "/..", 3) == 0)){
++ --depth;
++ if (depth < 0){
++ fprintf(stderr, "Traversal to parent directories during unpacking!\n");
++ exit(EXIT_FAILURE);
++ }
++ } else if (strcmp(tmp_buff, ".") == 0 || (strlen(tmp_buff) > 1 && strncmp(tmp_buff + strlen(tmp_buff) - 2, "/.", 2) == 0)){
++ /* Do nothing, the current directory is "." */
++ } else
++ ++depth;
++
+ if(stat(tmp_buff, &sbuf) < 0){
+ if(errno != ENOENT)
+ exit_on_error("stat");