summaryrefslogtreecommitdiff
path: root/user/fastjar/efficiency.patch
diff options
context:
space:
mode:
authorZach van Rijn <me@zv.io>2022-11-11 17:37:52 -0600
committerZach van Rijn <me@zv.io>2022-11-11 17:45:10 -0600
commiteee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5 (patch)
treecef56a73be9337b2d4d6a3c9c9f1138e5da8f3e3 /user/fastjar/efficiency.patch
parentab1c259053596aaee4310a5e3f09591755e4ccf8 (diff)
downloadpackages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.gz
packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.bz2
packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.tar.xz
packages-eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5.zip
user/fastjar: add patch for CVE-2010-{0831,2322} and updater. fixes #136, #841.
Diffstat (limited to 'user/fastjar/efficiency.patch')
-rw-r--r--user/fastjar/efficiency.patch34
1 files changed, 0 insertions, 34 deletions
diff --git a/user/fastjar/efficiency.patch b/user/fastjar/efficiency.patch
index 54c471e25..b71b02f8c 100644
--- a/user/fastjar/efficiency.patch
+++ b/user/fastjar/efficiency.patch
@@ -28,40 +28,6 @@ Author: Dan Rosenberg <dan.j.rosenberg@gmail.com>
for(;;){
const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
-@@ -1739,25 +1749,28 @@
- if(idx == NULL)
- break;
- else if(idx == start){
-+ tmp_buff[idx - filename] = '/';
- start++;
- continue;
- }
-- start = idx + 1;
-
-- strncpy(tmp_buff, (const char *)filename, (idx - filename));
-- tmp_buff[(idx - filename)] = '\0';
-+ memcpy(tmp_buff + (start - filename), (const char *)start, (idx - start));
-+ tmp_buff[idx - filename] = '\0';
-
- #ifdef DEBUG
- printf("checking the existance of %s\n", tmp_buff);
- #endif
-- if(strcmp(tmp_buff, "..") == 0){
-+ if(idx - start == 2 && memcmp(start, "..", 2) == 0){
- --depth;
- if (depth < 0){
- fprintf(stderr, "Traversal to parent directories during unpacking!\n");
- exit(EXIT_FAILURE);
- }
-- } else if (strcmp(tmp_buff, ".") != 0)
-+ } else if (idx - start != 1 || *start != '.')
- ++depth;
-+
-+ start = idx + 1;
-+
- if(stat(tmp_buff, &sbuf) < 0){
- if(errno != ENOENT)
- exit_on_error("stat");
@@ -1766,6 +1779,7 @@
#ifdef DEBUG
printf("Directory exists\n");