|
|
58251f |
From 3014e19820ea53c15c90f9d447ca3e668a0b76c6 Mon Sep 17 00:00:00 2001
|
|
|
58251f |
From: Tim Kientzle <kientzle@acm.org>
|
|
|
58251f |
Date: Sat, 28 May 2016 11:50:39 -0700
|
|
|
58251f |
Subject: [PATCH] Issue 711: Be more careful about verifying filename lengths
|
|
|
58251f |
when writing ISO9660 archives
|
|
|
58251f |
|
|
|
58251f |
* Don't cast size_t to int, since this can lead to overflow
|
|
|
58251f |
on machines where sizeof(int) < sizeof(size_t)
|
|
|
58251f |
* Check a + b > limit by writing it as
|
|
|
58251f |
a > limit || b > limit || a + b > limit
|
|
|
58251f |
to avoid problems when a + b wraps around.
|
|
|
58251f |
---
|
|
|
58251f |
libarchive/archive_write_set_format_iso9660.c | 18 ++++++++++--------
|
|
|
58251f |
1 file changed, 10 insertions(+), 8 deletions(-)
|
|
|
58251f |
|
|
|
58251f |
diff --git a/libarchive/archive_write_set_format_iso9660.c b/libarchive/archive_write_set_format_iso9660.c
|
|
|
58251f |
index 4d832fb..cb3e54e 100644
|
|
|
58251f |
--- a/libarchive/archive_write_set_format_iso9660.c
|
|
|
58251f |
+++ b/libarchive/archive_write_set_format_iso9660.c
|
|
|
58251f |
@@ -6225,7 +6225,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
|
|
|
58251f |
unsigned char *p;
|
|
|
58251f |
size_t l;
|
|
|
58251f |
int r;
|
|
|
58251f |
- int ffmax, parent_len;
|
|
|
58251f |
+ size_t ffmax, parent_len;
|
|
|
58251f |
static const struct archive_rb_tree_ops rb_ops = {
|
|
|
58251f |
isoent_cmp_node_joliet, isoent_cmp_key_joliet
|
|
|
58251f |
};
|
|
|
58251f |
@@ -6239,7 +6239,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
|
|
|
58251f |
else
|
|
|
58251f |
ffmax = 128;
|
|
|
58251f |
|
|
|
58251f |
- r = idr_start(a, idr, isoent->children.cnt, ffmax, 6, 2, &rb_ops);
|
|
|
58251f |
+ r = idr_start(a, idr, isoent->children.cnt, (int)ffmax, 6, 2, &rb_ops);
|
|
|
58251f |
if (r < 0)
|
|
|
58251f |
return (r);
|
|
|
58251f |
|
|
|
58251f |
@@ -6252,7 +6252,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
|
|
|
58251f |
int ext_off, noff, weight;
|
|
|
58251f |
size_t lt;
|
|
|
58251f |
|
|
|
58251f |
- if ((int)(l = np->file->basename_utf16.length) > ffmax)
|
|
|
58251f |
+ if ((l = np->file->basename_utf16.length) > ffmax)
|
|
|
58251f |
l = ffmax;
|
|
|
58251f |
|
|
|
58251f |
p = malloc((l+1)*2);
|
|
|
58251f |
@@ -6285,7 +6285,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
|
|
|
58251f |
/*
|
|
|
58251f |
* Get a length of MBS of a full-pathname.
|
|
|
58251f |
*/
|
|
|
58251f |
- if ((int)np->file->basename_utf16.length > ffmax) {
|
|
|
58251f |
+ if (np->file->basename_utf16.length > ffmax) {
|
|
|
58251f |
if (archive_strncpy_l(&iso9660->mbs,
|
|
|
58251f |
(const char *)np->identifier, l,
|
|
|
58251f |
iso9660->sconv_from_utf16be) != 0 &&
|
|
|
58251f |
@@ -6302,7 +6302,9 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
|
|
|
58251f |
|
|
|
58251f |
/* If a length of full-pathname is longer than 240 bytes,
|
|
|
58251f |
* it violates Joliet extensions regulation. */
|
|
|
58251f |
- if (parent_len + np->mb_len > 240) {
|
|
|
58251f |
+ if (parent_len > 240
|
|
|
58251f |
+ || np->mb_len > 240
|
|
|
58251f |
+ || parent_len + np->mb_len > 240) {
|
|
|
58251f |
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
|
|
|
58251f |
"The regulation of Joliet extensions;"
|
|
|
58251f |
" A length of a full-pathname of `%s' is "
|
|
|
58251f |
@@ -6314,11 +6316,11 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
|
|
|
58251f |
|
|
|
58251f |
/* Make an offset of the number which is used to be set
|
|
|
58251f |
* hexadecimal number to avoid duplicate identifier. */
|
|
|
58251f |
- if ((int)l == ffmax)
|
|
|
58251f |
+ if (l == ffmax)
|
|
|
58251f |
noff = ext_off - 6;
|
|
|
58251f |
- else if ((int)l == ffmax-2)
|
|
|
58251f |
+ else if (l == ffmax-2)
|
|
|
58251f |
noff = ext_off - 4;
|
|
|
58251f |
- else if ((int)l == ffmax-4)
|
|
|
58251f |
+ else if (l == ffmax-4)
|
|
|
58251f |
noff = ext_off - 2;
|
|
|
58251f |
else
|
|
|
58251f |
noff = ext_off;
|
|
|
58251f |
--
|
|
|
58251f |
2.7.4
|
|
|
58251f |
|