diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-06-09 07:09:35 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-06-09 07:16:13 +0000 |
commit | 2fafe3d1eb933216776b191c85565ec5289161da (patch) | |
tree | 90a90fe794532c06bf307702f1167ed0ebf750f7 /main/squashfs-tools | |
parent | 304f22a6f1c25557fdae7f54de534871a9956377 (diff) | |
download | aports-2fafe3d1eb933216776b191c85565ec5289161da.tar.bz2 aports-2fafe3d1eb933216776b191c85565ec5289161da.tar.xz |
main/squashfs-tools: fix variable length array overflow
we can not guarantee that block size specified in user data will not
overflow the stack so we need to use malloc.
this fixes segfault when doing unsquashfs
Diffstat (limited to 'main/squashfs-tools')
-rw-r--r-- | main/squashfs-tools/APKBUILD | 12 | ||||
-rw-r--r-- | main/squashfs-tools/vla-overlow.patch | 21 |
2 files changed, 29 insertions, 4 deletions
diff --git a/main/squashfs-tools/APKBUILD b/main/squashfs-tools/APKBUILD index eb090928cc..90e5e9f0d1 100644 --- a/main/squashfs-tools/APKBUILD +++ b/main/squashfs-tools/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=squashfs-tools pkgver=4.3 -pkgrel=0 +pkgrel=1 pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux." url="http://squashfs.sourceforge.net" arch="all" @@ -10,6 +10,7 @@ depends= makedepends="zlib-dev xz-dev lzo-dev attr-dev" source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz fix-compat.patch + vla-overlow.patch " _builddir="$srcdir/squashfs$pkgver/$pkgname" @@ -34,8 +35,11 @@ package() { cp -a mksquashfs unsquashfs "$pkgdir"/sbin } md5sums="d92ab59aabf5173f2a59089531e30dbf squashfs4.3.tar.gz -1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch" +1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch +d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch" sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6 squashfs4.3.tar.gz -249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch" +249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch +213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch" sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz -868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch" +868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch +975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch" diff --git a/main/squashfs-tools/vla-overlow.patch b/main/squashfs-tools/vla-overlow.patch new file mode 100644 index 0000000000..a9840fe01f --- /dev/null +++ b/main/squashfs-tools/vla-overlow.patch @@ -0,0 +1,21 @@ +--- ./squashfs-tools/unsquashfs.c.orig ++++ ./squashfs-tools/unsquashfs.c +@@ -2099,7 +2099,9 @@ + */ + void *inflator(void *arg) + { +- char tmp[block_size]; ++ char *tmp = malloc(block_size); ++ if(tmp == NULL) ++ EXIT_UNSQUASH("Out of memory allocating block buffer\n"); + + while(1) { + struct cache_entry *entry = queue_get(to_inflate); +@@ -2122,6 +2124,7 @@ + */ + cache_block_ready(entry, res == -1); + } ++ free(tmp); + } + + |