aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
blob: 8f719ad8d6841e18fc02428fd467823680f0c704 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
From dcee489f821c1260a0136fcdfdb6ff4dd11086ac Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Wed, 9 Dec 2015 17:58:03 +0200
Subject: [PATCH] Fix CVE-2015-1197

Apply patch by Vitezslav Cizek of SuSE to fix CVE-2015-1197.
Upstream is dormant or no longer existing. To restore the old
behaviour use --extract-over-symlinks (Closes: #774669)
This issue has been discovered by Alexander Cherepanov.
Author: Vitezslav Cizek <vcizek@suse.cz>
Bug-Debian: https://bugs.debian.org/774669

Upstream-Status: Pending
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>

---
 doc/cpio.1   |  1 +
 src/copyin.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/extern.h |  1 +
 src/global.c |  3 +++
 src/main.c   |  7 +++++++
 5 files changed, 74 insertions(+)

diff --git a/doc/cpio.1 b/doc/cpio.1
index 2a68241..dc4676c 100644
--- a/doc/cpio.1
+++ b/doc/cpio.1
@@ -49,6 +49,7 @@ cpio \- copy files to and from archives
 [\fB\-\-no\-preserve\-owner\fR] [\fB\-\-message=\fIMESSAGE\fR]
 [\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR]
 [\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR]
+[\fB\-\-extract\-over\-symlinks\fR]
 [\fB\-\-rsh\-command=\fICOMMAND\fR]
 [\fIpattern\fR...] [\fB<\fR \fIarchive\fR]
 
diff --git a/src/copyin.c b/src/copyin.c
index cde911e..053afe7 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -695,6 +695,51 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
   free (link_name);
 }
 
+
+static int
+path_contains_symlink(char *path)
+{
+  struct stat st;
+  char *slash;
+  char *nextslash;
+
+  /* we got NULL pointer or empty string */
+  if (!path || !*path) {
+    return false;
+  }
+
+  slash = path;
+
+  while ((nextslash = strchr(slash + 1, '/')) != NULL) {
+    slash = nextslash;
+    *slash = '\0';
+
+    if (lstat(path, &st) != 0) {
+      if (errno == ELOOP) {
+        /* ELOOP - too many symlinks */
+        *slash = '/';
+        return true;
+      } else if (errno == ENOMEM) {
+        /* No memory for lstat - terminate */
+        xalloc_die();
+      } else {
+        /* cannot lstat path - give up */
+        *slash = '/';
+        return false;
+      }
+    }
+
+    if (S_ISLNK(st.st_mode)) {
+      *slash = '/';
+      return true;
+    }
+
+    *slash = '/';
+  }
+
+  return false;
+}
+
 static void
 copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)
 {
@@ -1468,6 +1513,23 @@ process_copy_in ()
 	{
 	  /* Copy the input file into the directory structure.  */
 
+          /* Can we write files over symlinks? */
+          if (!extract_over_symlinks)
+            {
+              if (path_contains_symlink(file_hdr.c_name))
+                {
+                  /* skip the file */
+                  /*
+                  fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name);
+                  tape_toss_input (in_file_des, file_hdr.c_filesize);
+                  tape_skip_padding (in_file_des, file_hdr.c_filesize);
+                  continue;
+                  */
+                  /* terminate */
+	          error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name);
+                }
+            }
+
 	  /* Do we need to rename the file? */
 	  if (rename_flag || rename_batch_file)
 	    {
diff --git a/src/extern.h b/src/extern.h
index e27d662..d864bde 100644
--- a/src/extern.h
+++ b/src/extern.h
@@ -96,6 +96,7 @@ extern char input_is_special;
 extern char output_is_special;
 extern char input_is_seekable;
 extern char output_is_seekable;
+extern bool extract_over_symlinks;
 extern int (*xstat) ();
 extern void (*copy_function) ();
 extern char *change_directory_option;
diff --git a/src/global.c b/src/global.c
index 57e505a..336fce4 100644
--- a/src/global.c
+++ b/src/global.c
@@ -187,6 +187,9 @@ bool to_stdout_option = false;
 /* The name this program was run with.  */
 char *program_name;
 
+/* Extract files over symbolic links */
+bool extract_over_symlinks;
+
 /* A pointer to either lstat or stat, depending on whether
    dereferencing of symlinks is done for input files.  */
 int (*xstat) ();
diff --git a/src/main.c b/src/main.c
index a13861f..87cb309 100644
--- a/src/main.c
+++ b/src/main.c
@@ -59,6 +59,7 @@ enum cpio_options {
   DEBUG_OPTION,                  
   BLOCK_SIZE_OPTION,             
   TO_STDOUT_OPTION,
+  EXTRACT_OVER_SYMLINKS,
   RENUMBER_INODES_OPTION,
   IGNORE_DEVNO_OPTION,
   DEVICE_INDEPENDENT_OPTION
@@ -243,6 +244,8 @@ static struct argp_option options[] = {
    N_("Create leading directories where needed"), GRID+1 },
   {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0,
    N_("Do not change the ownership of the files"), GRID+1 },
+  {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0,
+   N_("Force writing over symbolic links"), GRID+1 },
   {"unconditional", 'u', NULL, 0,
    N_("Replace all files unconditionally"), GRID+1 },
   {"sparse", SPARSE_OPTION, NULL, 0,
@@ -432,6 +435,10 @@ crc newc odc bin ustar tar (all-caps also recognized)"), arg));
       no_chown_flag = true;
       break;
 
+    case EXTRACT_OVER_SYMLINKS:                        /* --extract-over-symlinks */
+      extract_over_symlinks = true;
+      break;
+
     case 'o':		/* Copy-out mode.  */
       if (copy_function != 0)
 	USAGE_ERROR ((0, 0, _("Mode already defined")));
-- 
2.6.2