Control: tags 904749 + pending
Dear maintainer,
I've prepared an NMU for make-dfsg (versioned as 4.2.1-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards.
diff -u make-dfsg-4.2.1/arscan.c make-dfsg-4.2.1/arscan.c
--- make-dfsg-4.2.1/arscan.c
+++ make-dfsg-4.2.1/arscan.c
@@ -414,6 +414,7 @@
# endif
#endif
char *namemap = 0;
+ int namemap_size = 0;
int desc = open (archive, O_RDONLY, 0);
if (desc < 0)
return -1;
@@ -667,10 +668,15 @@
&& namemap != 0)
{
int name_off = atoi (name + 1);
- if (name_off < 1 || name_off > ARNAME_MAX)
+ int name_len;
+
+ if (name_off < 0 || name_off >= namemap_size)
goto invalid;
name = namemap + name_off;
+ name_len = strlen (name);
+ if (name_len < 1)
+ goto invalid;
long_name = 1;
}
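Review bot: `atoi (name + 1)` in the context line above the new range check cannot report a parse failure, so a non-numeric or empty offset field comes back as 0. Now that offset 0 is accepted, such a field silently resolves to the first entry of the name table instead of reaching `goto invalid`, and a value outside the range of `int` is undefined behaviour. Parsing with `strtol` and rejecting the header when no digits were consumed or `errno == ERANGE` would close that gap. The enclosing function starts and ends outside the hunk.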
else if (name[0] == '#'
@@ -678,7 +684,8 @@
&& name[2] == '/')
{
int name_len = atoi (name + 3);
- if (name_len < 1 || name_len > ARNAME_MAX)
+
+ if (name_len < 1 || name_len > INT_MAX)
goto invalid;
name = alloca (name_len + 1);
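Review bot: `name_len > INT_MAX` can never be true for an `int`, so the replacement check leaves the length taken from the archive header without any upper bound. `alloca (name_len + 1)` on the next line then sizes a stack allocation from it, with signed overflow when `name_len` is `INT_MAX`. `alloca` cannot report failure, so an oversized value ends in a crash rather than in `goto invalid`. Either keep a real upper limit here or move the name into a heap buffer whose allocation is checked; the same applies to `alloca (eltsize + 1)` in the name-table hunk further down, where the only limit is also `INT_MAX`. The block continues past the end of the hunk.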
@@ -747,10 +754,13 @@
char *clear;
char *limit;
- namemap = alloca (eltsize);
+ if (eltsize > INT_MAX)
+ goto invalid;
+ namemap = alloca (eltsize + 1);
EINTRLOOP (nread, read (desc, namemap, eltsize));
if (nread != eltsize)
goto invalid;
+ namemap_size = eltsize;
/* The names are separated by newlines. Some formats have
a trailing slash. Null terminate the strings for
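Review bot: The new `if (eltsize > INT_MAX)` guard has no lower bound. The declaration of `eltsize` is outside the hunk, but if it is a signed type filled from the archive header, a negative value passes the guard and reaches `alloca (eltsize + 1)`, where it is converted to a very large size. Writing the guard as `if (eltsize < 0 || eltsize > INT_MAX)` rejects that case before the allocation and before `namemap_size` is set from it.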
@@ -765,6 +775,7 @@
clear[-1] = '\0';
}
}
+ *limit = '\0';
is_namemap = 0;
}
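Review bot: The added `*limit = '\0';` is what keeps the `strlen (name)` in the long-name lookup inside the buffer, and it is itself in bounds only because the table is now allocated as `eltsize + 1`. Neither dependency is stated in the code. A comment such as `/* Terminate the whole table so strlen() from any offset below namemap_size stays inside the eltsize + 1 byte buffer. */` would keep the three places in step. This assumes `limit` is `namemap + eltsize`, whose assignment is outside the hunk.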
diff -u make-dfsg-4.2.1/debian/changelog make-dfsg-4.2.1/debian/changelog
--- make-dfsg-4.2.1/debian/changelog
+++ make-dfsg-4.2.1/debian/changelog
@@ -1,3 +1,11 @@
+make-dfsg (4.2.1-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix validation of long names in archives (regression in 4.2.1-1.1)
+ (Closes: #904749)
+
+ -- Ben Hutchings <[email protected]> Sat, 28 Jul 2018 18:07:31 +0800
+
make-dfsg (4.2.1-1.1) unstable; urgency=medium
* Non-maintainer upload