[packages/bzip2.git] / bzip2-toctou.patch

From Debian:

 * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes:
   #303300. Patch by Santiago Ruano Rincon <santiago@unicauca.edu.co>.
   Original patch available at
   http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2

--- bzip2-1.0.2.orig/bzip2.c
+++ bzip2-1.0.2/bzip2.c
@@ -312,6 +312,7 @@
 
 static void    copyFileName ( Char*, Char* );
 static void*   myMalloc     ( Int32 );
+static int     applySavedFileAttrToOutputFile ( int fd );
 
 
 
@@ -457,6 +458,10 @@
    ret = fflush ( zStream );
    if (ret == EOF) goto errhandler_io;
    if (zStream != stdout) {
+      int fd = fileno ( zStream );
+      if (fd < 0) goto errhandler_io;
+      ret = applySavedFileAttrToOutputFile ( fd );
+      if (ret != 0) goto errhandler_io;
       ret = fclose ( zStream );
       outputHandleJustInCase = NULL;
       if (ret == EOF) goto errhandler_io;
@@ -567,6 +574,12 @@
 
    closeok:
    if (ferror(zStream)) goto errhandler_io;
+   if ( stream != stdout) {
+      int fd = fileno ( stream );
+      if (fd < 0) goto errhandler_io;
+      ret = applySavedFileAttrToOutputFile ( fd );
+      if (ret != 0) goto errhandler_io;
+   }
    ret = fclose ( zStream );
    if (ret == EOF) goto errhandler_io;
 
@@ -1125,7 +1140,7 @@
 
 
 static 
-void applySavedMetaInfoToOutputFile ( Char *dstName )
+void applySavedTimeInfoToOutputFile ( Char *dstName )
 {
 #  if BZ_UNIX
    IntNative      retVal;
@@ -1134,16 +1149,26 @@
    uTimBuf.actime = fileMetaInfo.st_atime;
    uTimBuf.modtime = fileMetaInfo.st_mtime;
 
-   retVal = chmod ( dstName, fileMetaInfo.st_mode );
-   ERROR_IF_NOT_ZERO ( retVal );
-
    retVal = utime ( dstName, &uTimBuf );
    ERROR_IF_NOT_ZERO ( retVal );
+#  endif
+}
 
-   retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
+static
+int applySavedFileAttrToOutputFile ( int fd )
+{
+#  if BZ_UNIX
+   IntNative      retVal;
+
+   retVal = fchmod ( fd, fileMetaInfo.st_mode );
+   if (retVal != 0)
+       return retVal;
+
+   (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
    /* chown() will in many cases return with EPERM, which can
       be safely ignored.
    */
+   return 0;
 #  endif
 }
 
@@ -1366,7 +1391,7 @@
 
    /*--- If there was an I/O error, we won't get here. ---*/
    if ( srcMode == SM_F2F ) {
-      applySavedMetaInfoToOutputFile ( outName );
+      applySavedTimeInfoToOutputFile ( outName );
       deleteOutputOnInterrupt = False;
       if ( !keepInputFiles ) {
          IntNative retVal = remove ( inName );
@@ -1544,7 +1569,7 @@
    /*--- If there was an I/O error, we won't get here. ---*/
    if ( magicNumberOK ) {
       if ( srcMode == SM_F2F ) {
-         applySavedMetaInfoToOutputFile ( outName );
+         applySavedTimeInfoToOutputFile ( outName );
          deleteOutputOnInterrupt = False;
          if ( !keepInputFiles ) {
             IntNative retVal = remove ( inName );
--- bzip2-1.0.2.orig/bzip2recover.c
+++ bzip2-1.0.2/bzip2recover.c
@@ -56,6 +56,8 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 
 /* This program records bit locations in the file to be recovered.
@@ -301,6 +303,19 @@
        name[n-1] == '2');
 }
 
+/*---------------------------------------------*/
+/* Open an output file safely with O_EXCL and good permissions */
+FILE* fopen_output( Char* name, const char* mode )
+{
+  FILE *fp;
+  int   fh;
+   
+  fh = open(name, O_WRONLY|O_CREAT|O_EXCL, 0600);
+  if (fh == -1) return NULL;
+  fp = fdopen(fh, mode);
+  if (fp == NULL) close(fh);
+  return fp;
+}
 
 /*---------------------------------------------------*/
 /*---                                             ---*/
@@ -338,6 +353,7 @@
    Int32       b, wrBlock, currBlock, rbCtr;
    MaybeUInt64 bitsRead;
 
+
    UInt32      buffHi, buffLo, blockCRC;
    Char*       p;
 
@@ -518,7 +534,7 @@
          fprintf ( stderr, "   writing block %d to `%s' ...\n",
                            wrBlock+1, outFileName );
 
-         outFile = fopen ( outFileName, "wb" );
+         outFile = fopen_output ( outFileName, "wb" );
          if (outFile == NULL) {
             fprintf ( stderr, "%s: can't write `%s'\n",
                       progName, outFileName );
Commit	Line	Data
8edf4722	1	From Debian:
	2
	3	* Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes:
	4	#303300. Patch by Santiago Ruano Rincon <santiago@unicauca.edu.co>.
	5	Original patch available at
	6	http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2
	7
	8	--- bzip2-1.0.2.orig/bzip2.c
	9	+++ bzip2-1.0.2/bzip2.c
	10	@@ -312,6 +312,7 @@
	11
	12	static void copyFileName ( Char, Char );
	13	static void* myMalloc ( Int32 );
	14	+static int applySavedFileAttrToOutputFile ( int fd );
	15
	16
	17
	18	@@ -457,6 +458,10 @@
	19	ret = fflush ( zStream );
	20	if (ret == EOF) goto errhandler_io;
	21	if (zStream != stdout) {
	22	+ int fd = fileno ( zStream );
	23	+ if (fd < 0) goto errhandler_io;
	24	+ ret = applySavedFileAttrToOutputFile ( fd );
	25	+ if (ret != 0) goto errhandler_io;
	26	ret = fclose ( zStream );
	27	outputHandleJustInCase = NULL;
	28	if (ret == EOF) goto errhandler_io;
	29	@@ -567,6 +574,12 @@
	30
	31	closeok:
	32	if (ferror(zStream)) goto errhandler_io;
	33	+ if ( stream != stdout) {
	34	+ int fd = fileno ( stream );
	35	+ if (fd < 0) goto errhandler_io;
	36	+ ret = applySavedFileAttrToOutputFile ( fd );
	37	+ if (ret != 0) goto errhandler_io;
	38	+ }
	39	ret = fclose ( zStream );
	40	if (ret == EOF) goto errhandler_io;
	41
	42	@@ -1125,7 +1140,7 @@
	43
	44
	45	static
	46	-void applySavedMetaInfoToOutputFile ( Char *dstName )
	47	+void applySavedTimeInfoToOutputFile ( Char *dstName )
	48	{
	49	# if BZ_UNIX
	50	IntNative retVal;
	51	@@ -1134,16 +1149,26 @@
	52	uTimBuf.actime = fileMetaInfo.st_atime;
	53	uTimBuf.modtime = fileMetaInfo.st_mtime;
	54
	55	- retVal = chmod ( dstName, fileMetaInfo.st_mode );
	56	- ERROR_IF_NOT_ZERO ( retVal );
	57	-
	58	retVal = utime ( dstName, &uTimBuf );
	59	ERROR_IF_NOT_ZERO ( retVal );
	60	+# endif
	61	+}
	62
	63	- retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
	64	+static
65	+int applySavedFileAttrToOutputFile ( int fd )
66	+{
67	+# if BZ_UNIX
68	+ IntNative retVal;
69	+
70	+ retVal = fchmod ( fd, fileMetaInfo.st_mode );
71	+ if (retVal != 0)
72	+ return retVal;
73	+
74	+ (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
75	/* chown() will in many cases return with EPERM, which can
76	be safely ignored.
77	*/
78	+ return 0;
79	# endif
80	}
81
82	@@ -1366,7 +1391,7 @@
83
84	/--- If there was an I/O error, we won't get here. ---/
85	if ( srcMode == SM_F2F ) {
86	- applySavedMetaInfoToOutputFile ( outName );
87	+ applySavedTimeInfoToOutputFile ( outName );
88	deleteOutputOnInterrupt = False;
89	if ( !keepInputFiles ) {
90	IntNative retVal = remove ( inName );
91	@@ -1544,7 +1569,7 @@
92	/--- If there was an I/O error, we won't get here. ---/
93	if ( magicNumberOK ) {
94	if ( srcMode == SM_F2F ) {
95	- applySavedMetaInfoToOutputFile ( outName );
96	+ applySavedTimeInfoToOutputFile ( outName );
97	deleteOutputOnInterrupt = False;
98	if ( !keepInputFiles ) {
99	IntNative retVal = remove ( inName );
100	--- bzip2-1.0.2.orig/bzip2recover.c
101	+++ bzip2-1.0.2/bzip2recover.c
102	@@ -56,6 +56,8 @@
103	#include <errno.h>
104	#include <stdlib.h>
105	#include <string.h>
106	+#include <fcntl.h>
107	+#include <unistd.h>
108
109
110	/* This program records bit locations in the file to be recovered.
111	@@ -301,6 +303,19 @@
112	name[n-1] == '2');
113	}
114
115	+/---------------------------------------------/
116	+/* Open an output file safely with O_EXCL and good permissions */
117	+FILE* fopen_output( Char* name, const char* mode )
118	+{
119	+ FILE *fp;
120	+ int fh;
121	+
122	+ fh = open(name, O_WRONLY\|O_CREAT\|O_EXCL, 0600);
123	+ if (fh == -1) return NULL;
124	+ fp = fdopen(fh, mode);
125	+ if (fp == NULL) close(fh);
126	+ return fp;
127	+}
128
129	/---------------------------------------------------/
130	/--- ---/
131	@@ -338,6 +353,7 @@
132	Int32 b, wrBlock, currBlock, rbCtr;
133	MaybeUInt64 bitsRead;
134
135	+
136	UInt32 buffHi, buffLo, blockCRC;
137	Char* p;
138
139	@@ -518,7 +534,7 @@
140	fprintf ( stderr, " writing block %d to `%s' ...\n",
141	wrBlock+1, outFileName );
142
143	- outFile = fopen ( outFileName, "wb" );
144	+ outFile = fopen_output ( outFileName, "wb" );
145	if (outFile == NULL) {
146	fprintf ( stderr, "%s: can't write `%s'\n",
147	progName, outFileName );