diff options
author | Robin Gloster <mail@glob.in> | 2016-02-27 00:08:08 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-02-27 00:08:08 +0000 |
commit | 3477e662e60ba80a777f9126ba65ca6e9e0fcdf8 (patch) | |
tree | 26aa99e97f980701131668a00a24fcb85c5cd8a8 /pkgs/tools/archivers | |
parent | b4dadff5429d0bf47bcdafff14dd3d0032039699 (diff) | |
parent | 766ad682f146a755b460dd87006912a96d915bcd (diff) | |
download | nixlib-3477e662e60ba80a777f9126ba65ca6e9e0fcdf8.tar nixlib-3477e662e60ba80a777f9126ba65ca6e9e0fcdf8.tar.gz nixlib-3477e662e60ba80a777f9126ba65ca6e9e0fcdf8.tar.bz2 nixlib-3477e662e60ba80a777f9126ba65ca6e9e0fcdf8.tar.lz nixlib-3477e662e60ba80a777f9126ba65ca6e9e0fcdf8.tar.xz nixlib-3477e662e60ba80a777f9126ba65ca6e9e0fcdf8.tar.zst nixlib-3477e662e60ba80a777f9126ba65ca6e9e0fcdf8.zip |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/tools/archivers')
-rw-r--r-- | pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch | 29 | ||||
-rw-r--r-- | pkgs/tools/archivers/cpio/default.nix | 4 |
2 files changed, 33 insertions, 0 deletions
diff --git a/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch b/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch new file mode 100644 index 000000000000..90ddeff9790e --- /dev/null +++ b/pkgs/tools/archivers/cpio/CVE-2016-2037-out-of-bounds-write.patch @@ -0,0 +1,29 @@ +diff --git a/src/copyin.c b/src/copyin.c +index cde911e..032d35f 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -1385,6 +1385,8 @@ process_copy_in () + break; + } + ++ if (file_hdr.c_namesize <= 1) ++ file_hdr.c_name = xrealloc(file_hdr.c_name, 2); + cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, + false); + +diff --git a/src/util.c b/src/util.c +index 6ff6032..2763ac1 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -1411,7 +1411,10 @@ set_file_times (int fd, + } + + /* Do we have to ignore absolute paths, and if so, does the filename +- have an absolute path? */ ++ have an absolute path? ++ Before calling this function make sure that the allocated NAME buffer has ++ capacity at least 2 bytes to allow us to store the "." string inside. */ ++ + void + cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, + bool strip_leading_dots) diff --git a/pkgs/tools/archivers/cpio/default.nix b/pkgs/tools/archivers/cpio/default.nix index 570f1904ee21..2313f27f2e54 100644 --- a/pkgs/tools/archivers/cpio/default.nix +++ b/pkgs/tools/archivers/cpio/default.nix @@ -19,6 +19,10 @@ in stdenv.mkDerivation { + "CVE-2015-1197-cpio-2.12.patch"; sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v"; }) + + # Report: http://www.openwall.com/lists/oss-security/2016/01/19/4 + # Patch from https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html + ./CVE-2016-2037-out-of-bounds-write.patch ]; preConfigure = if stdenv.isCygwin then '' |