|
 |
da6346 |
From a787fc5c556cbbc7f3de308d25b7527f9da5a0da Mon Sep 17 00:00:00 2001
|
|
|
da6346 |
From: "Barton E. Schaefer" <schaefer@zsh.org>
|
|
|
da6346 |
Date: Sun, 19 Jan 2014 17:41:06 -0800
|
|
|
495835 |
Subject: [PATCH 1/3] 32294: prevent buffer overflow when scanning very long
|
|
|
da6346 |
directory paths for symbolic links
|
|
|
da6346 |
|
|
|
da6346 |
Upstream-commit: 3e06aeabd8a9e8384ebaa8b08996cd1f64737210
|
|
|
da6346 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
da6346 |
---
|
|
|
da6346 |
Src/utils.c | 31 ++++++++++++++++++-------------
|
|
|
da6346 |
1 file changed, 18 insertions(+), 13 deletions(-)
|
|
|
da6346 |
|
|
|
da6346 |
diff --git a/Src/utils.c b/Src/utils.c
|
|
|
da6346 |
index 20fa59d..a197ef8 100644
|
|
|
da6346 |
--- a/Src/utils.c
|
|
|
da6346 |
+++ b/Src/utils.c
|
|
|
da6346 |
@@ -726,32 +726,36 @@ xsymlinks(char *s)
|
|
|
da6346 |
char **pp, **opp;
|
|
|
da6346 |
char xbuf2[PATH_MAX*2], xbuf3[PATH_MAX*2];
|
|
|
da6346 |
int t0, ret = 0;
|
|
|
da6346 |
+ zulong xbuflen = strlen(xbuf);
|
|
|
da6346 |
|
|
|
da6346 |
opp = pp = slashsplit(s);
|
|
|
da6346 |
- for (; *pp; pp++) {
|
|
|
da6346 |
- if (!strcmp(*pp, ".")) {
|
|
|
da6346 |
- zsfree(*pp);
|
|
|
da6346 |
+ for (; xbuflen < sizeof(xbuf) && *pp; pp++) {
|
|
|
da6346 |
+ if (!strcmp(*pp, "."))
|
|
|
da6346 |
continue;
|
|
|
da6346 |
- }
|
|
|
da6346 |
if (!strcmp(*pp, "..")) {
|
|
|
da6346 |
char *p;
|
|
|
da6346 |
|
|
|
da6346 |
- zsfree(*pp);
|
|
|
da6346 |
if (!strcmp(xbuf, "/"))
|
|
|
da6346 |
continue;
|
|
|
da6346 |
if (!*xbuf)
|
|
|
da6346 |
continue;
|
|
|
da6346 |
- p = xbuf + strlen(xbuf);
|
|
|
da6346 |
- while (*--p != '/');
|
|
|
da6346 |
+ p = xbuf + xbuflen;
|
|
|
da6346 |
+ while (*--p != '/')
|
|
|
da6346 |
+ xbuflen--;
|
|
|
da6346 |
*p = '\0';
|
|
|
da6346 |
continue;
|
|
|
da6346 |
}
|
|
|
da6346 |
sprintf(xbuf2, "%s/%s", xbuf, *pp);
|
|
|
da6346 |
t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX);
|
|
|
da6346 |
if (t0 == -1) {
|
|
|
da6346 |
- strcat(xbuf, "/");
|
|
|
da6346 |
- strcat(xbuf, *pp);
|
|
|
da6346 |
- zsfree(*pp);
|
|
|
da6346 |
+ zulong pplen = strlen(*pp) + 1;
|
|
|
da6346 |
+ if ((xbuflen += pplen) < sizeof(xbuf)) {
|
|
|
da6346 |
+ strcat(xbuf, "/");
|
|
|
da6346 |
+ strcat(xbuf, *pp);
|
|
|
da6346 |
+ } else {
|
|
|
da6346 |
+ *xbuf = 0;
|
|
|
da6346 |
+ break;
|
|
|
da6346 |
+ }
|
|
|
da6346 |
} else {
|
|
|
da6346 |
ret = 1;
|
|
|
da6346 |
metafy(xbuf3, t0, META_NOALLOC);
|
|
|
da6346 |
@@ -760,10 +764,9 @@ xsymlinks(char *s)
|
|
|
da6346 |
xsymlinks(xbuf3 + 1);
|
|
|
da6346 |
} else
|
|
|
da6346 |
xsymlinks(xbuf3);
|
|
|
da6346 |
- zsfree(*pp);
|
|
|
da6346 |
}
|
|
|
da6346 |
}
|
|
|
da6346 |
- free(opp);
|
|
|
da6346 |
+ freearray(opp);
|
|
|
da6346 |
return ret;
|
|
|
da6346 |
}
|
|
|
da6346 |
|
|
|
da6346 |
@@ -780,8 +783,10 @@ xsymlink(char *s)
|
|
|
da6346 |
return NULL;
|
|
|
da6346 |
*xbuf = '\0';
|
|
|
da6346 |
xsymlinks(s + 1);
|
|
|
da6346 |
- if (!*xbuf)
|
|
|
da6346 |
+ if (!*xbuf) {
|
|
|
da6346 |
+ zwarn("path expansion failed, using root directory");
|
|
|
da6346 |
return ztrdup("/");
|
|
|
da6346 |
+ }
|
|
|
da6346 |
return ztrdup(xbuf);
|
|
|
da6346 |
}
|
|
|
da6346 |
|
|
|
da6346 |
--
|
|
|
da6346 |
2.14.3
|
|
|
da6346 |
|
|
|
495835 |
|
|
|
495835 |
From a2de3957b1e6f23c593c47df0a850a8272e7c06a Mon Sep 17 00:00:00 2001
|
|
|
495835 |
From: "Barton E. Schaefer" <schaefer@zsh.org>
|
|
|
495835 |
Date: Fri, 15 Aug 2014 10:19:54 -0700
|
|
|
495835 |
Subject: [PATCH 2/3] 33012: add an error return value (-1) to xsymlinks()
|
|
|
495835 |
|
|
|
495835 |
Upstream-commit: 47d91c5fba6bc90d79503b7c69c6146abb8825f5
|
|
|
495835 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
495835 |
---
|
|
|
495835 |
Src/utils.c | 15 ++++++++-------
|
|
|
495835 |
1 file changed, 8 insertions(+), 7 deletions(-)
|
|
|
495835 |
|
|
|
495835 |
diff --git a/Src/utils.c b/Src/utils.c
|
|
|
495835 |
index a197ef8..d3e5812 100644
|
|
|
495835 |
--- a/Src/utils.c
|
|
|
495835 |
+++ b/Src/utils.c
|
|
|
495835 |
@@ -717,7 +717,6 @@ slashsplit(char *s)
|
|
|
495835 |
}
|
|
|
495835 |
|
|
|
495835 |
/* expands symlinks and .. or . expressions */
|
|
|
495835 |
-/* if flag = 0, only expand .. and . expressions */
|
|
|
495835 |
|
|
|
495835 |
/**/
|
|
|
495835 |
static int
|
|
|
495835 |
@@ -754,6 +753,7 @@ xsymlinks(char *s)
|
|
|
495835 |
strcat(xbuf, *pp);
|
|
|
495835 |
} else {
|
|
|
495835 |
*xbuf = 0;
|
|
|
495835 |
+ ret = -1;
|
|
|
495835 |
break;
|
|
|
495835 |
}
|
|
|
495835 |
} else {
|
|
|
495835 |
@@ -761,9 +761,11 @@ xsymlinks(char *s)
|
|
|
495835 |
metafy(xbuf3, t0, META_NOALLOC);
|
|
|
495835 |
if (*xbuf3 == '/') {
|
|
|
495835 |
strcpy(xbuf, "");
|
|
|
495835 |
- xsymlinks(xbuf3 + 1);
|
|
|
495835 |
+ if (xsymlinks(xbuf3 + 1) < 0)
|
|
|
495835 |
+ ret = -1;
|
|
|
495835 |
} else
|
|
|
495835 |
- xsymlinks(xbuf3);
|
|
|
495835 |
+ if (xsymlinks(xbuf3) < 0)
|
|
|
495835 |
+ ret = -1;
|
|
|
495835 |
}
|
|
|
495835 |
}
|
|
|
495835 |
freearray(opp);
|
|
|
495835 |
@@ -782,11 +784,10 @@ xsymlink(char *s)
|
|
|
495835 |
if (*s != '/')
|
|
|
495835 |
return NULL;
|
|
|
495835 |
*xbuf = '\0';
|
|
|
495835 |
- xsymlinks(s + 1);
|
|
|
495835 |
- if (!*xbuf) {
|
|
|
495835 |
+ if (xsymlinks(s + 1) < 0)
|
|
|
495835 |
zwarn("path expansion failed, using root directory");
|
|
|
495835 |
+ if (!*xbuf)
|
|
|
495835 |
return ztrdup("/");
|
|
|
495835 |
- }
|
|
|
495835 |
return ztrdup(xbuf);
|
|
|
495835 |
}
|
|
|
495835 |
|
|
|
495835 |
@@ -796,7 +797,7 @@ print_if_link(char *s)
|
|
|
495835 |
{
|
|
|
495835 |
if (*s == '/') {
|
|
|
495835 |
*xbuf = '\0';
|
|
|
495835 |
- if (xsymlinks(s + 1))
|
|
|
495835 |
+ if (xsymlinks(s + 1) > 0)
|
|
|
495835 |
printf(" -> "), zputs(*xbuf ? xbuf : "/", stdout);
|
|
|
495835 |
}
|
|
|
495835 |
}
|
|
|
495835 |
--
|
|
|
495835 |
2.20.1
|
|
|
495835 |
|
|
|
495835 |
|
|
|
495835 |
From c84057916eb96714c03fb0072ad0929152e48f0a Mon Sep 17 00:00:00 2001
|
|
|
495835 |
From: Peter Stephenson <p.w.stephenson@ntlworld.com>
|
|
|
495835 |
Date: Thu, 13 Nov 2014 19:44:01 +0000
|
|
|
495835 |
Subject: [PATCH 3/3] Marc Finet: problems with working directory
|
|
|
495835 |
rationalisation.
|
|
|
495835 |
|
|
|
495835 |
Ensure the length of the directory is kept up to date.
|
|
|
495835 |
|
|
|
495835 |
Abort following symlinks as soon as there's an error.
|
|
|
495835 |
|
|
|
495835 |
Upstream-commit: c01a178ece6740f719fef81ecdf9283b5c8b71d5
|
|
|
495835 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
495835 |
---
|
|
|
495835 |
Src/utils.c | 6 +++++-
|
|
|
495835 |
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
495835 |
|
|
|
495835 |
diff --git a/Src/utils.c b/Src/utils.c
|
|
|
495835 |
index d3e5812..e2ffc38 100644
|
|
|
495835 |
--- a/Src/utils.c
|
|
|
495835 |
+++ b/Src/utils.c
|
|
|
495835 |
@@ -728,7 +728,7 @@ xsymlinks(char *s)
|
|
|
495835 |
zulong xbuflen = strlen(xbuf);
|
|
|
495835 |
|
|
|
495835 |
opp = pp = slashsplit(s);
|
|
|
495835 |
- for (; xbuflen < sizeof(xbuf) && *pp; pp++) {
|
|
|
495835 |
+ for (; xbuflen < sizeof(xbuf) && *pp && ret >= 0; pp++) {
|
|
|
495835 |
if (!strcmp(*pp, "."))
|
|
|
495835 |
continue;
|
|
|
495835 |
if (!strcmp(*pp, "..")) {
|
|
|
495835 |
@@ -763,9 +763,13 @@ xsymlinks(char *s)
|
|
|
495835 |
strcpy(xbuf, "");
|
|
|
495835 |
if (xsymlinks(xbuf3 + 1) < 0)
|
|
|
495835 |
ret = -1;
|
|
|
495835 |
+ else
|
|
|
495835 |
+ xbuflen = strlen(xbuf);
|
|
|
495835 |
} else
|
|
|
495835 |
if (xsymlinks(xbuf3) < 0)
|
|
|
495835 |
ret = -1;
|
|
|
495835 |
+ else
|
|
|
495835 |
+ xbuflen = strlen(xbuf);
|
|
|
495835 |
}
|
|
|
495835 |
}
|
|
|
495835 |
freearray(opp);
|
|
|
495835 |
--
|
|
|
495835 |
2.20.1
|
|
|
495835 |
|