main/squashfs-tools: fix variable length array overflow

we can not guarantee that block size specified in user data will not overflow the stack so we need to use malloc. this fixes segfault when doing unsquashfs (cherry picked from commit 2fafe3d1eb933216776b191c85565ec5289161da)
author: Natanael Copa <ncopa@alpinelinux.org> 2015-06-09 07:09:35 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2015-07-07 19:54:25 +0000
commit: b892cb972e14e5d9abb90a9126123ab0d3fb5d96 (patch)
tree: 2f08095b493b373f110bbc0b9f38b23b8913ea86
parent: d294bb94f12a38a2be5c3efc793d6b5e234b0b4b (diff)
download: alpine_aports-b892cb972e14e5d9abb90a9126123ab0d3fb5d96.tar.bz2
alpine_aports-b892cb972e14e5d9abb90a9126123ab0d3fb5d96.tar.xz
alpine_aports-b892cb972e14e5d9abb90a9126123ab0d3fb5d96.zip
2 files changed, 29 insertions, 4 deletions
diff --git a/main/squashfs-tools/APKBUILD b/main/squashfs-tools/APKBUILD
index eb090928cc..90e5e9f0d1 100644
--- a/main/squashfs-tools/APKBUILD
+++ b/main/squashfs-tools/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=squashfs-tools
 pkgver=4.3
-pkgrel=0
+pkgrel=1
 pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."
 url="http://squashfs.sourceforge.net"
 arch="all"
@@ -10,6 +10,7 @@ depends=
 makedepends="zlib-dev xz-dev lzo-dev attr-dev"
 source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
        fix-compat.patch
+        vla-overlow.patch
 "
 _builddir="$srcdir/squashfs$pkgver/$pkgname"
@@ -34,8 +35,11 @@ package() {
        cp -a mksquashfs unsquashfs "$pkgdir"/sbin
 }
 md5sums="d92ab59aabf5173f2a59089531e30dbf  squashfs4.3.tar.gz
-1bb2bed6830d32b76f1ca1b6c0349fcd  fix-compat.patch"
+1bb2bed6830d32b76f1ca1b6c0349fcd  fix-compat.patch
+d34cb53db691f0fb58425bb5ab30f6d4  vla-overlow.patch"
 sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6  squashfs4.3.tar.gz
-249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6  fix-compat.patch"
+249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6  fix-compat.patch
+213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5  vla-overlow.patch"
 sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79  squashfs4.3.tar.gz
-868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140  fix-compat.patch"
+868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140  fix-compat.patch
+975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360  vla-overlow.patch"
diff --git a/main/squashfs-tools/vla-overlow.patch b/main/squashfs-tools/vla-overlow.patch
new file mode 100644
index 0000000000..a9840fe01f
--- /dev/null
+++ b/main/squashfs-tools/vla-overlow.patch
@@ -0,0 +1,21 @@
+--- ./squashfs-tools/unsquashfs.c.orig
+++ ./squashfs-tools/unsquashfs.c
+@@ -2099,7 +2099,9 @@
+  */
+ void *inflator(void *arg)
+ {
+-       char tmp[block_size];
+       char *tmp = malloc(block_size);
+       if(tmp == NULL)
+               EXIT_UNSQUASH("Out of memory allocating block buffer\n");
+ 
+        while(1) {
+                struct cache_entry *entry = queue_get(to_inflate);
+@@ -2122,6 +2124,7 @@
+                 */ 
+                cache_block_ready(entry, res == -1);
+        }
+       free(tmp);
+ }
+ 
+
author	Natanael Copa <ncopa@alpinelinux.org>	2015-06-09 07:09:35 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2015-07-07 19:54:25 +0000
commit	b892cb972e14e5d9abb90a9126123ab0d3fb5d96 (patch)
tree	2f08095b493b373f110bbc0b9f38b23b8913ea86
parent	d294bb94f12a38a2be5c3efc793d6b5e234b0b4b (diff)
download	alpine_aports-b892cb972e14e5d9abb90a9126123ab0d3fb5d96.tar.bz2 alpine_aports-b892cb972e14e5d9abb90a9126123ab0d3fb5d96.tar.xz alpine_aports-b892cb972e14e5d9abb90a9126123ab0d3fb5d96.zip

diff --git a/main/squashfs-tools/APKBUILD b/main/squashfs-tools/APKBUILD index eb090928cc..90e5e9f0d1 100644 --- a/main/squashfs-tools/APKBUILD +++ b/main/squashfs-tools/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=squashfs-tools	2	pkgname=squashfs-tools
3	pkgver=4.3	3	pkgver=4.3
4	pkgrel=0	4	pkgrel=1
5	pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."	5	pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."
6	url="http://squashfs.sourceforge.net"	6	url="http://squashfs.sourceforge.net"
7	arch="all"	7	arch="all"
@@ -10,6 +10,7 @@ depends=
10	makedepends="zlib-dev xz-dev lzo-dev attr-dev"	10	makedepends="zlib-dev xz-dev lzo-dev attr-dev"
11	source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz	11	source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
12	fix-compat.patch	12	fix-compat.patch
		13	vla-overlow.patch
13	"	14	"
14		15
15	_builddir="$srcdir/squashfs$pkgver/$pkgname"	16	_builddir="$srcdir/squashfs$pkgver/$pkgname"
@@ -34,8 +35,11 @@ package() {
34	cp -a mksquashfs unsquashfs "$pkgdir"/sbin	35	cp -a mksquashfs unsquashfs "$pkgdir"/sbin
35	}	36	}
36	md5sums="d92ab59aabf5173f2a59089531e30dbf squashfs4.3.tar.gz	37	md5sums="d92ab59aabf5173f2a59089531e30dbf squashfs4.3.tar.gz
37	1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch"	38	1bb2bed6830d32b76f1ca1b6c0349fcd fix-compat.patch
		39	d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch"
38	sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6 squashfs4.3.tar.gz	40	sha256sums="0d605512437b1eb800b4736791559295ee5f60177e102e4d4ccd0ee241a5f3f6 squashfs4.3.tar.gz
39	249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch"	41	249d10b4df7921fae5e0ab4c1f44f3346229f16851240d61a24e85006ed886e6 fix-compat.patch
		42	213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch"
40	sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz	43	sha512sums="854ed7acc99920f24ecf11e0da807e5a2a162eeda55db971aba63a03f0da2c13b20ec0564a906c4b0e415bd8258b273a10208c7abc0704f2ceea773aa6148a79 squashfs4.3.tar.gz
41	868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch"	44	868e3923f98a7f8bb980fe8ab0d648e9ae9a55e324bea3830d6047aa348a4302dcb96d65bf59c6e04665891d822e18fad367a37c6704505b8492f64d749fc140 fix-compat.patch
		45	975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch"


diff --git a/main/squashfs-tools/vla-overlow.patch b/main/squashfs-tools/vla-overlow.patch new file mode 100644 index 0000000000..a9840fe01f --- /dev/null +++ b/main/squashfs-tools/vla-overlow.patch
@@ -0,0 +1,21 @@
		1	--- ./squashfs-tools/unsquashfs.c.orig
		2	+++ ./squashfs-tools/unsquashfs.c
		3	@@ -2099,7 +2099,9 @@
		4	*/
		5	void inflator(void arg)
		6	{
		7	- char tmp[block_size];
		8	+ char *tmp = malloc(block_size);
		9	+ if(tmp == NULL)
		10	+ EXIT_UNSQUASH("Out of memory allocating block buffer\n");
		11
		12	while(1) {
		13	struct cache_entry *entry = queue_get(to_inflate);
		14	@@ -2122,6 +2124,7 @@
		15	*/
		16	cache_block_ready(entry, res == -1);
		17	}
		18	+ free(tmp);
		19	}
		20
		21