aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2015-06-09 07:09:35 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-06-09 07:16:13 +0000
commit2fafe3d1eb933216776b191c85565ec5289161da (patch)
tree90a90fe794532c06bf307702f1167ed0ebf750f7
parent304f22a6f1c25557fdae7f54de534871a9956377 (diff)
downloadaports-2fafe3d1eb933216776b191c85565ec5289161da.tar.bz2
aports-2fafe3d1eb933216776b191c85565ec5289161da.tar.xz
main/squashfs-tools: fix variable length array overflow
we can not guarantee that block size specified in user data will not overflow the stack so we need to use malloc. this fixes segfault when doing unsquashfs
-rw-r--r--main/squashfs-tools/APKBUILD12
-rw-r--r--main/squashfs-tools/vla-overlow.patch21
2 files changed, 29 insertions, 4 deletions
diff --git a/main/squashfs-tools/APKBUILD b/main/squashfs-tools/APKBUILD
index eb090928cc..90e5e9f0d1 100644
--- a/main/squashfs-tools/APKBUILD
+++ b/main/squashfs-tools/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squashfs-tools
pkgver=4.3
-pkgrel=0
+pkgrel=1
pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."
url="http://squashfs.sourceforge.net"
arch="all"
@@ -10,6 +10,7 @@ depends=
makedepends="zlib-dev xz-dev lzo-dev attr-dev"
source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
fix-compat.patch
+ vla-overlow.patch
"
_builddir="$srcdir/squashfs$pkgver/$pkgname"
@@ -34,8 +35,11 @@ package() {
cp -a mksquashfs unsquashfs "$pkgdir"/sbin
}
md5sums="d92ab59aabf5173f2a59089531e30dbf squashfs4.3.tar.gz
-1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch"
+1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch
+d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch"
sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6 squashfs4.3.tar.gz
-249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch"
+249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch
+213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch"
sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz
-868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch"
+868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch
+975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch"
diff --git a/main/squashfs-tools/vla-overlow.patch b/main/squashfs-tools/vla-overlow.patch
new file mode 100644
index 0000000000..a9840fe01f
--- /dev/null
+++ b/main/squashfs-tools/vla-overlow.patch
@@ -0,0 +1,21 @@
+--- ./squashfs-tools/unsquashfs.c.orig
++++ ./squashfs-tools/unsquashfs.c
+@@ -2099,7 +2099,9 @@
+ */
+ void *inflator(void *arg)
+ {
+- char tmp[block_size];
++ char *tmp = malloc(block_size);
++ if(tmp == NULL)
++ EXIT_UNSQUASH("Out of memory allocating block buffer\n");
+
+ while(1) {
+ struct cache_entry *entry = queue_get(to_inflate);
+@@ -2122,6 +2124,7 @@
+ */
+ cache_block_ready(entry, res == -1);
+ }
++ free(tmp);
+ }
+
+