busybox: backport upstream fixes for unzip
http://git.busybox.net/busybox/commit/?h=1_24_stable&id=6767af17f11144c7cd3cfe9ef799d7f89a78fe65 http://git.busybox.net/busybox/commit/?h=1_24_stable&id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c (From OE-Core rev: e69c955d825bdfaa17eb7a75f26df8b7b646f04d) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
6decbbb155
commit
2739ed08a8
|
@ -0,0 +1,143 @@
|
|||
Upstream-Status: Backport
|
||||
|
||||
http://busybox.net/downloads/fixes-1.24.1/
|
||||
http://git.busybox.net/busybox/commit/?id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c
|
||||
http://git.busybox.net/busybox/commit/?h=1_24_stable&id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c
|
||||
|
||||
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
|
||||
|
||||
From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001
|
||||
From: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
Date: Fri, 30 Oct 2015 23:41:53 +0100
|
||||
Subject: [PATCH] [g]unzip: fix recent breakage.
|
||||
|
||||
Also, do emit error message we so painstakingly pass from gzip internals
|
||||
|
||||
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
(cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef)
|
||||
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
||||
---
|
||||
archival/libarchive/decompress_gunzip.c | 33 +++++++++++++++++++++------------
|
||||
testsuite/unzip.tests | 1 +
|
||||
2 files changed, 22 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
|
||||
index c76fd31..357c9bf 100644
|
||||
--- a/archival/libarchive/decompress_gunzip.c
|
||||
+++ b/archival/libarchive/decompress_gunzip.c
|
||||
@@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n,
|
||||
huft_t *q; /* points to current table */
|
||||
huft_t r; /* table entry for structure assignment */
|
||||
huft_t *u[BMAX]; /* table stack */
|
||||
- unsigned v[N_MAX]; /* values in order of bit length */
|
||||
- unsigned v_end;
|
||||
+ unsigned v[N_MAX + 1]; /* values in order of bit length. last v[] is never used */
|
||||
int ws[BMAX + 1]; /* bits decoded stack */
|
||||
int w; /* bits decoded */
|
||||
unsigned x[BMAX + 1]; /* bit offsets, then code stack */
|
||||
@@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n,
|
||||
*xp++ = j;
|
||||
}
|
||||
|
||||
- /* Make a table of values in order of bit lengths */
|
||||
+ /* Make a table of values in order of bit lengths.
|
||||
+ * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
|
||||
+ * In particular, last v[i] is never filled and must not be accessed.
|
||||
+ */
|
||||
+ memset(v, 0xff, sizeof(v));
|
||||
p = b;
|
||||
i = 0;
|
||||
- v_end = 0;
|
||||
do {
|
||||
j = *p++;
|
||||
if (j != 0) {
|
||||
v[x[j]++] = i;
|
||||
- v_end = x[j];
|
||||
}
|
||||
} while (++i < n);
|
||||
|
||||
@@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n,
|
||||
|
||||
/* set up table entry in r */
|
||||
r.b = (unsigned char) (k - w);
|
||||
- if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
|
||||
+ if (/*p >= v + n || -- redundant, caught by the second check: */
|
||||
+ *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
|
||||
+ ) {
|
||||
r.e = 99; /* out of values--invalid code */
|
||||
} else if (*p < s) {
|
||||
r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */
|
||||
@@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
|
||||
e = t->e;
|
||||
if (e > 16)
|
||||
do {
|
||||
- if (e == 99)
|
||||
- abort_unzip(PASS_STATE_ONLY);;
|
||||
+ if (e == 99) {
|
||||
+ abort_unzip(PASS_STATE_ONLY);
|
||||
+ }
|
||||
bb >>= t->b;
|
||||
k -= t->b;
|
||||
e -= 16;
|
||||
@@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
|
||||
e = t->e;
|
||||
if (e > 16)
|
||||
do {
|
||||
- if (e == 99)
|
||||
+ if (e == 99) {
|
||||
abort_unzip(PASS_STATE_ONLY);
|
||||
+ }
|
||||
bb >>= t->b;
|
||||
k -= t->b;
|
||||
e -= 16;
|
||||
@@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e)
|
||||
|
||||
b_dynamic >>= 4;
|
||||
k_dynamic -= 4;
|
||||
- if (nl > 286 || nd > 30)
|
||||
+ if (nl > 286 || nd > 30) {
|
||||
abort_unzip(PASS_STATE_ONLY); /* bad lengths */
|
||||
+ }
|
||||
|
||||
/* read in bit-length-code lengths */
|
||||
for (j = 0; j < nb; j++) {
|
||||
@@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e)
|
||||
bl = lbits;
|
||||
|
||||
i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl);
|
||||
- if (i != 0)
|
||||
+ if (i != 0) {
|
||||
abort_unzip(PASS_STATE_ONLY);
|
||||
+ }
|
||||
bd = dbits;
|
||||
i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd);
|
||||
- if (i != 0)
|
||||
+ if (i != 0) {
|
||||
abort_unzip(PASS_STATE_ONLY);
|
||||
+ }
|
||||
|
||||
/* set up data for inflate_codes() */
|
||||
inflate_codes_setup(PASS_STATE bl, bd);
|
||||
@@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
|
||||
error_msg = "corrupted data";
|
||||
if (setjmp(error_jmp)) {
|
||||
/* Error from deep inside zip machinery */
|
||||
+ bb_error_msg(error_msg);
|
||||
n = -1;
|
||||
goto ret;
|
||||
}
|
||||
diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
|
||||
index ca0a458..d8738a3 100755
|
||||
--- a/testsuite/unzip.tests
|
||||
+++ b/testsuite/unzip.tests
|
||||
@@ -34,6 +34,7 @@ rm foo.zip
|
||||
testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
|
||||
"Archive: bad.zip
|
||||
inflating: ]3j½r«IK-%Ix
|
||||
+unzip: corrupted data
|
||||
unzip: inflate error
|
||||
1
|
||||
" \
|
||||
--
|
||||
2.6.2
|
||||
|
|
@ -0,0 +1,118 @@
|
|||
Upstream-Status: Backport
|
||||
|
||||
http://busybox.net/downloads/fixes-1.24.1/
|
||||
http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
|
||||
http://git.busybox.net/busybox/commit/?h=1_24_stable&id=6767af17f11144c7cd3cfe9ef799d7f89a78fe65
|
||||
|
||||
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
|
||||
|
||||
From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001
|
||||
From: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
Date: Mon, 26 Oct 2015 19:33:05 +0100
|
||||
Subject: [PATCH] unzip: test for bad archive SEGVing
|
||||
|
||||
function old new delta
|
||||
huft_build 1296 1300 +4
|
||||
|
||||
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
||||
---
|
||||
archival/libarchive/decompress_gunzip.c | 11 +++++++----
|
||||
testsuite/unzip.tests | 23 ++++++++++++++++++++++-
|
||||
2 files changed, 29 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
|
||||
index 7b6f459..30bf451 100644
|
||||
--- a/archival/libarchive/decompress_gunzip.c
|
||||
+++ b/archival/libarchive/decompress_gunzip.c
|
||||
@@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n,
|
||||
unsigned i; /* counter, current code */
|
||||
unsigned j; /* counter */
|
||||
int k; /* number of bits in current code */
|
||||
- unsigned *p; /* pointer into c[], b[], or v[] */
|
||||
+ const unsigned *p; /* pointer into c[], b[], or v[] */
|
||||
huft_t *q; /* points to current table */
|
||||
huft_t r; /* table entry for structure assignment */
|
||||
huft_t *u[BMAX]; /* table stack */
|
||||
unsigned v[N_MAX]; /* values in order of bit length */
|
||||
+ unsigned v_end;
|
||||
int ws[BMAX + 1]; /* bits decoded stack */
|
||||
int w; /* bits decoded */
|
||||
unsigned x[BMAX + 1]; /* bit offsets, then code stack */
|
||||
@@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n,
|
||||
|
||||
/* Generate counts for each bit length */
|
||||
memset(c, 0, sizeof(c));
|
||||
- p = (unsigned *) b; /* cast allows us to reuse p for pointing to b */
|
||||
+ p = b;
|
||||
i = n;
|
||||
do {
|
||||
c[*p]++; /* assume all entries <= BMAX */
|
||||
@@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n,
|
||||
}
|
||||
|
||||
/* Make a table of values in order of bit lengths */
|
||||
- p = (unsigned *) b;
|
||||
+ p = b;
|
||||
i = 0;
|
||||
+ v_end = 0;
|
||||
do {
|
||||
j = *p++;
|
||||
if (j != 0) {
|
||||
v[x[j]++] = i;
|
||||
+ v_end = x[j];
|
||||
}
|
||||
} while (++i < n);
|
||||
|
||||
@@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n,
|
||||
|
||||
/* set up table entry in r */
|
||||
r.b = (unsigned char) (k - w);
|
||||
- if (p >= v + n) {
|
||||
+ if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
|
||||
r.e = 99; /* out of values--invalid code */
|
||||
} else if (*p < s) {
|
||||
r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */
|
||||
diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
|
||||
index 8677a03..ca0a458 100755
|
||||
--- a/testsuite/unzip.tests
|
||||
+++ b/testsuite/unzip.tests
|
||||
@@ -7,7 +7,7 @@
|
||||
|
||||
. ./testing.sh
|
||||
|
||||
-# testing "test name" "options" "expected result" "file input" "stdin"
|
||||
+# testing "test name" "commands" "expected result" "file input" "stdin"
|
||||
# file input will be file called "input"
|
||||
# test can create a file "actual" instead of writing to stdout
|
||||
|
||||
@@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f
|
||||
rmdir foo
|
||||
rm foo.zip
|
||||
|
||||
+# File containing some damaged encrypted stream
|
||||
+testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
|
||||
+"Archive: bad.zip
|
||||
+ inflating: ]3j½r«IK-%Ix
|
||||
+unzip: inflate error
|
||||
+1
|
||||
+" \
|
||||
+"" "\
|
||||
+begin-base64 644 bad.zip
|
||||
+UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ
|
||||
+eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA
|
||||
+AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA
|
||||
+oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst
|
||||
+JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA
|
||||
+BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
|
||||
+NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
|
||||
+====
|
||||
+"
|
||||
+
|
||||
+rm *
|
||||
+
|
||||
# Clean up scratch directory.
|
||||
|
||||
cd ..
|
||||
--
|
||||
2.6.2
|
||||
|
|
@ -32,6 +32,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
|
|||
file://busybox-cross-menuconfig.patch \
|
||||
file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \
|
||||
file://0002-Passthrough-r-to-linker.patch \
|
||||
file://busybox-1.24.1-unzip.patch \
|
||||
file://busybox-1.24.1-unzip-regression.patch \
|
||||
file://mount-via-label.cfg \
|
||||
file://sha1sum.cfg \
|
||||
file://sha256sum.cfg \
|
||||
|
|
Loading…
Reference in New Issue