author | Zach van Rijn <me@zv.io> | 2022-11-11 17:37:52 -0600 |
---|---|---|
committer | Zach van Rijn <me@zv.io> | 2022-11-11 17:45:10 -0600 |
commit | eee8b8ef4d2ee4cbf2d74bc7fd27c5d857e44ec5 (patch) | |
tree | cef56a73be9337b2d4d6a3c9c9f1138e5da8f3e3 /user/fastjar/efficiency.patch | |
parent | ab1c259053596aaee4310a5e3f09591755e4ccf8 (diff) | |
user/fastjar: add patch for CVE-2010-{0831,2322} and updater. fixes #136, #841.
Diffstat (limited to 'user/fastjar/efficiency.patch')
-rw-r--r-- | user/fastjar/efficiency.patch | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/user/fastjar/efficiency.patch b/user/fastjar/efficiency.patch
index 54c471e25..b71b02f8c 100644
--- a/user/fastjar/efficiency.patch
+++ b/user/fastjar/efficiency.patch
@@ -28,40 +28,6 @@ Author: Dan Rosenberg <dan.j.rosenberg@gmail.com>
 for(;;){
 const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
-@@ -1739,25 +1749,28 @@
- if(idx == NULL)
- break;
- else if(idx == start){
-+ tmp_buff[idx - filename] = '/';
- start++;
- continue;
- }
-- start = idx + 1;
-
-- strncpy(tmp_buff, (const char *)filename, (idx - filename));
-- tmp_buff[(idx - filename)] = '\0';
-+ memcpy(tmp_buff + (start - filename), (const char *)start, (idx - start));
-+ tmp_buff[idx - filename] = '\0';
-
- #ifdef DEBUG
- printf("checking the existance of %s\n", tmp_buff);
- #endif
-- if(strcmp(tmp_buff, "..") == 0){
-+ if(idx - start == 2 && memcmp(start, "..", 2) == 0){
- --depth;
- if (depth < 0){
- fprintf(stderr, "Traversal to parent directories during unpacking!\n");
- exit(EXIT_FAILURE);
- }
-- } else if (strcmp(tmp_buff, ".") != 0)
-+ } else if (idx - start != 1 || *start != '.')
- ++depth;
-+
-+ start = idx + 1;
-+
- if(stat(tmp_buff, &sbuf) < 0){
- if(errno != ENOENT)
- exit_on_error("stat");
 @@ -1766,6 +1779,7 @@
 #ifdef DEBUG
 printf("Directory exists\n"); |