diff options
| author | Zach van Rijn <me@zv.io> | 2022-11-11 17:37:52 -0600 |
|---|---|---|
| committer | Zach van Rijn <me@zv.io> | 2022-11-11 17:45:10 -0600 |
| commit | eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5 (patch) | |
| tree | cef56a73be9337b2d4d6a3c9c9f1138e5da8f3e3 /user/fastjar/CVE-2010-0831,2322.patch | |
| parent | ab1c259053596aaee4310a5e3f09591755e4ccf8 (diff) | |
| download | packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.gz packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.bz2 packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.xz packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.zip | |
user/fastjar: add patch for CVE-2010-{0831,2322} and updater. fixes #136, #841.
Diffstat (limited to 'user/fastjar/CVE-2010-0831,2322.patch')
| -rw-r--r-- | user/fastjar/CVE-2010-0831,2322.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/user/fastjar/CVE-2010-0831,2322.patch b/user/fastjar/CVE-2010-0831,2322.patch new file mode 100644 index 000000000..acf9f3e86 --- /dev/null +++ b/user/fastjar/CVE-2010-0831,2322.patch @@ -0,0 +1,48 @@ +diff -ur fastjar-0.98.orig/jartool.c fastjar-0.98/jartool.c +--- fastjar-0.98.orig/jartool.c 2009-09-06 18:10:47.000000000 -0400 ++++ fastjar-0.98/jartool.c 2010-04-28 17:15:09.000000000 -0400 +@@ -1730,8 +1730,18 @@ + struct stat sbuf; + int depth = 0; + ++ if(strncmp((const char *)filename, "/", 1) == 0){ ++ fprintf(stderr, "Absolute path names are not allowed.\n"); ++ exit(EXIT_FAILURE); ++ } ++ + tmp_buff = malloc(sizeof(char) * strlen((const char *)filename)); + ++ if(tmp_buff == NULL) { ++ fprintf(stderr, "Out of memory.\n"); ++ exit(EXIT_FAILURE); ++ } ++ + for(;;){ + const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/'); + +@@ -1749,14 +1759,17 @@ + #ifdef DEBUG + printf("checking the existance of %s\n", tmp_buff); + #endif +- if(strcmp(tmp_buff, "..") == 0){ +- --depth; +- if (depth < 0){ +- fprintf(stderr, "Traversal to parent directories during unpacking!\n"); +- exit(EXIT_FAILURE); +- } +- } else if (strcmp(tmp_buff, ".") != 0) +- ++depth; ++ if(strcmp(tmp_buff, "..") == 0 || (strlen(tmp_buff) > 2 && strncmp(tmp_buff + strlen(tmp_buff) - 3, "/..", 3) == 0)){ ++ --depth; ++ if (depth < 0){ ++ fprintf(stderr, "Traversal to parent directories during unpacking!\n"); ++ exit(EXIT_FAILURE); ++ } ++ } else if (strcmp(tmp_buff, ".") == 0 || (strlen(tmp_buff) > 1 && strncmp(tmp_buff + strlen(tmp_buff) - 2, "/.", 2) == 0)){ ++ /* Do nothing, the current directory is "." */ ++ } else ++ ++depth; ++ + if(stat(tmp_buff, &sbuf) < 0){ + if(errno != ENOENT) + exit_on_error("stat"); |