main/busybox: add unzip fixes from upstream

3 files changed, 255 insertions, 1 deletions

diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index e130024ff1..131dbc93f7 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=busybox
 pkgver=1.24.1
-pkgrel=5
+pkgrel=6
 pkgdesc="Size optimized toolbox of many common UNIX utilities"
 url=http://busybox.net
 arch="all"
@@ -21,6 +21,9 @@ source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
 	loginutils-sha512.patch
 	udhcpc-discover-retries.patch
 
+	busybox-1.24.1-unzip.patch
+	busybox-1.24.1-unzip-regression.patch
+
 	0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
 	0001-ifupdown-use-x-hostname-NAME-with-udhcpc.patch
 
@@ -145,6 +148,8 @@ d64b58a30892c558bdbab7f0d0997577  nologin.c
 c5a8dbc8696db6da9c4624b0e11d8fba  bb-app-location.patch
 8c42c9ef0f0419c314c86bcaf7796106  loginutils-sha512.patch
 91a7584a562a72ba886936558e576bbd  udhcpc-discover-retries.patch
+b7fef73cb77824525ef08fd8b2571961  busybox-1.24.1-unzip.patch
+023c0e0f9df375715f40792bedec8f4b  busybox-1.24.1-unzip-regression.patch
 d6f0ecf89f7633753d8998abe7e06e7e  0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
 e1c183cbe1ca18a0fa0d9597314076c9  0001-ifupdown-use-x-hostname-NAME-with-udhcpc.patch
 69fa40bee9abec058427bf67fde1b61e  0001-diff-add-support-for-no-dereference.patch
@@ -169,6 +174,8 @@ sha256sums="37d03132cc078937360b392170b7a1d0e5b322eee9f57c0b82292a8b1f0afe3d  bu
 576366b4d50f1078da6c0364ef70415de92d97c93c64f4d790b11d7a34cdccd2  bb-app-location.patch
 57674b20158c0b266ed028b0c65299f9cbcad7d33d19c9fcc403d3967daba493  loginutils-sha512.patch
 90825a443339f1c8c249d05f7b025ce53e374d305f8e113d98d45146b105494d  udhcpc-discover-retries.patch
+dffbce75bfa9fc4a9bb9f74b3ee1e40477037cf9bbbeed60d6cd7a272ef2fb3f  busybox-1.24.1-unzip.patch
+be9845c458bd8c671a16abf6ae1161c0a839b20db795ef8d6d4b08f70a9c214a  busybox-1.24.1-unzip-regression.patch
 666d0e9c5a4b37aca84d88138736012527d97de578f81b719bf913f558823e18  0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
 53563c6dc4db13004d0b37f7bf1748e861b5a5c4244c1d34f102c23b689420c5  0001-ifupdown-use-x-hostname-NAME-with-udhcpc.patch
 70180473e3939402e460b25de8273a5ce7f62b130a9efe31f33d847b2406ac92  0001-diff-add-support-for-no-dereference.patch
@@ -193,6 +200,8 @@ eb7cce973bfd53ce3350713437b9e2751becfb8dfb10b14f27c4f812297c403b90f80dc2906179d4
 5c42b05be69c834c9fd5372c6b0d55a6399c74146a94ea09eae7285dd4fa75d1bde38bf7ab73e98638f65eb72db02115453cbdfe85a0085d742940366f617c7d  bb-app-location.patch
 69af4800fcf765b4ae029daced7ff171b6b04d810c94a987c7ba848e275a27b77b18b38df1b85f4a12c4a47ed42f62e0768260eb1198e2aff1c3cea898b85c61  loginutils-sha512.patch
 34415fe69f6b8d42756046aa8e6d9e4f64a3b0ceb9f57c4c988e35870fe975f05d0ac76f1f9a712196e9c59e67aa2a54abf398242009134fb3aca342c25a3646  udhcpc-discover-retries.patch
+b8e67db3969d97e3c5cb19c7eb6b5588ffe6083a9ec63bb6e5ad2a399d473b6efc659a045375f20bbb896b956bc274206cc1659b595c1378beaa9034186459b3  busybox-1.24.1-unzip.patch
+2df0585545f9cf78eb773e9695f18117f2e2ea3b5259bf3479c4ed6e870e0624718f16fcc1a888a110cbaa0d3d477a5431e82e162c4e4a63a2c8d46eda670b5d  busybox-1.24.1-unzip-regression.patch
 9c836f85d5bc3b33d459394679a93635658c59fb744e266109f84531d391880926d62d671f8ccef56d3b744f0bcc54a8ad2789931e50dcbc40d5d94158bcc503  0001-ifupdown-pass-interface-device-name-for-ipv6-route-c.patch
 b1a1cc2ada657a3d3364c8c96853575d73784e769cd8768c170c27a3e59abd2beace75dff6d5047c4391725e961d93149f9c3f45ed75fb1c582bf18b818282c9  0001-ifupdown-use-x-hostname-NAME-with-udhcpc.patch
 a35b66cd28b79ccc14b47315ac94677fdf8c14d8a6e8956707e71fb50d453dfc5b4b822832cd1faecfe9bf79e687f9b25a1357e0a88db530044c5f8514701c98  0001-diff-add-support-for-no-dereference.patch
diff --git a/main/busybox/busybox-1.24.1-unzip-regression.patch b/main/busybox/busybox-1.24.1-unzip-regression.patch
new file mode 100644
index 0000000000..58d7b7c6bb
--- /dev/null
+++ b/main/busybox/busybox-1.24.1-unzip-regression.patch
@@ -0,0 +1,135 @@
+From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Fri, 30 Oct 2015 23:41:53 +0100
+Subject: [PATCH] [g]unzip: fix recent breakage.
+
+Also, do emit error message we so painstakingly pass from gzip internals
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef)
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ archival/libarchive/decompress_gunzip.c | 33 +++++++++++++++++++++------------
+ testsuite/unzip.tests                   |  1 +
+ 2 files changed, 22 insertions(+), 12 deletions(-)
+
+diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
+index c76fd31..357c9bf 100644
+--- a/archival/libarchive/decompress_gunzip.c
++++ b/archival/libarchive/decompress_gunzip.c
+@@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 	huft_t *q;              /* points to current table */
+ 	huft_t r;               /* table entry for structure assignment */
+ 	huft_t *u[BMAX];        /* table stack */
+-	unsigned v[N_MAX];      /* values in order of bit length */
+-	unsigned v_end;
++	unsigned v[N_MAX + 1];  /* values in order of bit length. last v[] is never used */
+ 	int ws[BMAX + 1];       /* bits decoded stack */
+ 	int w;                  /* bits decoded */
+ 	unsigned x[BMAX + 1];   /* bit offsets, then code stack */
+@@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 		*xp++ = j;
+ 	}
+ 
+-	/* Make a table of values in order of bit lengths */
++	/* Make a table of values in order of bit lengths.
++	 * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
++	 * In particular, last v[i] is never filled and must not be accessed.
++	 */
++	memset(v, 0xff, sizeof(v));
+ 	p = b;
+ 	i = 0;
+-	v_end = 0;
+ 	do {
+ 		j = *p++;
+ 		if (j != 0) {
+ 			v[x[j]++] = i;
+-			v_end = x[j];
+ 		}
+ 	} while (++i < n);
+ 
+@@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 
+ 			/* set up table entry in r */
+ 			r.b = (unsigned char) (k - w);
+-			if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
++			if (/*p >= v + n || -- redundant, caught by the second check: */
++			    *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
++			) {
+ 				r.e = 99; /* out of values--invalid code */
+ 			} else if (*p < s) {
+ 				r.e = (unsigned char) (*p < 256 ? 16 : 15);	/* 256 is EOB code */
+@@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
+ 		e = t->e;
+ 		if (e > 16)
+ 			do {
+-				if (e == 99)
+-					abort_unzip(PASS_STATE_ONLY);;
++				if (e == 99) {
++					abort_unzip(PASS_STATE_ONLY);
++				}
+ 				bb >>= t->b;
+ 				k -= t->b;
+ 				e -= 16;
+@@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
+ 			e = t->e;
+ 			if (e > 16)
+ 				do {
+-					if (e == 99)
++					if (e == 99) {
+ 						abort_unzip(PASS_STATE_ONLY);
++					}
+ 					bb >>= t->b;
+ 					k -= t->b;
+ 					e -= 16;
+@@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e)
+ 
+ 		b_dynamic >>= 4;
+ 		k_dynamic -= 4;
+-		if (nl > 286 || nd > 30)
++		if (nl > 286 || nd > 30) {
+ 			abort_unzip(PASS_STATE_ONLY);	/* bad lengths */
++		}
+ 
+ 		/* read in bit-length-code lengths */
+ 		for (j = 0; j < nb; j++) {
+@@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e)
+ 		bl = lbits;
+ 
+ 		i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl);
+-		if (i != 0)
++		if (i != 0) {
+ 			abort_unzip(PASS_STATE_ONLY);
++		}
+ 		bd = dbits;
+ 		i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd);
+-		if (i != 0)
++		if (i != 0) {
+ 			abort_unzip(PASS_STATE_ONLY);
++		}
+ 
+ 		/* set up data for inflate_codes() */
+ 		inflate_codes_setup(PASS_STATE bl, bd);
+@@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
+ 	error_msg = "corrupted data";
+ 	if (setjmp(error_jmp)) {
+ 		/* Error from deep inside zip machinery */
++		bb_error_msg(error_msg);
+ 		n = -1;
+ 		goto ret;
+ 	}
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index ca0a458..d8738a3 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -34,6 +34,7 @@ rm foo.zip
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+   inflating: ]3j½r«IK-%Ix
++unzip: corrupted data
+ unzip: inflate error
+ 1
+ " \
+-- 
+2.6.2
+
diff --git a/main/busybox/busybox-1.24.1-unzip.patch b/main/busybox/busybox-1.24.1-unzip.patch
new file mode 100644
index 0000000000..77f02c116c
--- /dev/null
+++ b/main/busybox/busybox-1.24.1-unzip.patch
@@ -0,0 +1,110 @@
+From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 26 Oct 2015 19:33:05 +0100
+Subject: [PATCH] unzip: test for bad archive SEGVing
+
+function                                             old     new   delta
+huft_build                                          1296    1300      +4
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/decompress_gunzip.c | 11 +++++++----
+ testsuite/unzip.tests                   | 23 ++++++++++++++++++++++-
+ 2 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
+index 7b6f459..30bf451 100644
+--- a/archival/libarchive/decompress_gunzip.c
++++ b/archival/libarchive/decompress_gunzip.c
+@@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 	unsigned i;             /* counter, current code */
+ 	unsigned j;             /* counter */
+ 	int k;                  /* number of bits in current code */
+-	unsigned *p;            /* pointer into c[], b[], or v[] */
++	const unsigned *p;      /* pointer into c[], b[], or v[] */
+ 	huft_t *q;              /* points to current table */
+ 	huft_t r;               /* table entry for structure assignment */
+ 	huft_t *u[BMAX];        /* table stack */
+ 	unsigned v[N_MAX];      /* values in order of bit length */
++	unsigned v_end;
+ 	int ws[BMAX + 1];       /* bits decoded stack */
+ 	int w;                  /* bits decoded */
+ 	unsigned x[BMAX + 1];   /* bit offsets, then code stack */
+@@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 
+ 	/* Generate counts for each bit length */
+ 	memset(c, 0, sizeof(c));
+-	p = (unsigned *) b; /* cast allows us to reuse p for pointing to b */
++	p = b;
+ 	i = n;
+ 	do {
+ 		c[*p]++; /* assume all entries <= BMAX */
+@@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 	}
+ 
+ 	/* Make a table of values in order of bit lengths */
+-	p = (unsigned *) b;
++	p = b;
+ 	i = 0;
++	v_end = 0;
+ 	do {
+ 		j = *p++;
+ 		if (j != 0) {
+ 			v[x[j]++] = i;
++			v_end = x[j];
+ 		}
+ 	} while (++i < n);
+ 
+@@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 
+ 			/* set up table entry in r */
+ 			r.b = (unsigned char) (k - w);
+-			if (p >= v + n) {
++			if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
+ 				r.e = 99; /* out of values--invalid code */
+ 			} else if (*p < s) {
+ 				r.e = (unsigned char) (*p < 256 ? 16 : 15);	/* 256 is EOB code */
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index 8677a03..ca0a458 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -7,7 +7,7 @@
+ 
+ . ./testing.sh
+ 
+-# testing "test name" "options" "expected result" "file input" "stdin"
++# testing "test name" "commands" "expected result" "file input" "stdin"
+ #   file input will be file called "input"
+ #   test can create a file "actual" instead of writing to stdout
+ 
+@@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f
+ rmdir foo
+ rm foo.zip
+ 
++# File containing some damaged encrypted stream
++testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
++"Archive:  bad.zip
++  inflating: ]3j½r«IK-%Ix
++unzip: inflate error
++1
++" \
++"" "\
++begin-base64 644 bad.zip
++UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ
++eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA
++AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA
++oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst
++JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA
++BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
++NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
++====
++"
++
++rm *
++
+ # Clean up scratch directory.
+ 
+ cd ..
+-- 
+2.6.2
+