[packages/tar.git] / tar-heapOverflow.patch

--- tar-1.15.1/src/xheader.c.orig	2004-09-06 06:31:14.000000000 -0500
+++ tar-1.15.1/src/xheader.c	2006-02-08 16:59:46.000000000 -0500
@@ -783,6 +783,32 @@ code_num (uintmax_t value, char const *k
   xheader_print (xhdr, keyword, sbuf);
 }
 
+static bool
+decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
+        char const *keyword)
+{
+  uintmax_t u;
+  char *arg_lim;
+
+  if (! (ISDIGIT (*arg)
+     && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim)))
+    {
+      ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
+          keyword, arg));
+      return false;
+    }
+
+  if (! (u <= maxval && errno != ERANGE))
+    {
+      ERROR ((0, 0, _("Extended header %s=%s is out of range"),
+        keyword, arg));
+      return false;
+    }
+
+  *num = u;
+  return true;
+}
+
 static void
 dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
 	     char const *keyword __attribute__ ((unused)),
@@ -821,7 +847,7 @@ static void
 gid_decoder (struct tar_stat_info *st, char const *arg)
 {
   uintmax_t u;
-  if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
+  if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
     st->stat.st_gid = u;
 }
 
@@ -903,7 +929,7 @@ static void
 size_decoder (struct tar_stat_info *st, char const *arg)
 {
   uintmax_t u;
-  if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
+  if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
     st->archive_file_size = st->stat.st_size = u;
 }
 
@@ -918,7 +944,7 @@ static void
 uid_decoder (struct tar_stat_info *st, char const *arg)
 {
   uintmax_t u;
-  if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
+  if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
     st->stat.st_uid = u;
 }
 
@@ -946,7 +972,7 @@ static void
 sparse_size_decoder (struct tar_stat_info *st, char const *arg)
 {
   uintmax_t u;
-  if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
+  if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
     st->stat.st_size = u;
 }
 
@@ -962,10 +988,10 @@ static void
 sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
 {
   uintmax_t u;
-  if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
+  if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
     {
       st->sparse_map_size = u;
-      st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
+      st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
       st->sparse_map_avail = 0;
     }
 }
@@ -982,8 +1008,14 @@ static void
 sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
 {
   uintmax_t u;
-  if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
+  if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
+    {
+      if (st->sparse_map_avail < st->sparse_map_size)
     st->sparse_map[st->sparse_map_avail].offset = u;
+      else
+    ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
+        "GNU.sparse.offset", arg));
+    }
 }
 
 static void
@@ -998,15 +1030,13 @@ static void
 sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
 {
   uintmax_t u;
-  if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
+  if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
     {
       if (st->sparse_map_avail == st->sparse_map_size)
-	{
-	  st->sparse_map_size *= 2;
-	  st->sparse_map = xrealloc (st->sparse_map,
-				     st->sparse_map_size
-				     * sizeof st->sparse_map[0]);
-	}
+        st->sparse_map = x2nrealloc (st->sparse_map,
+                                    &st->sparse_map_size,
+                                    sizeof st->sparse_map[0]);
+
       st->sparse_map[st->sparse_map_avail++].numbytes = u;
     }
 }
--- tar-1.15.1/po/pl.po.orig	2006-03-08 00:05:45.756358000 +0100
+++ tar-1.15.1/po/pl.po	2006-03-08 00:10:59.199947750 +0100
@@ -1828,3 +1828,18 @@
 #: src/xheader.c:501
 msgid "Malformed extended header: missing equal sign"
Commit	Line	Data
2035e06a JB	1	--- tar-1.15.1/src/xheader.c.orig 2004-09-06 06:31:14.000000000 -0500
	2	+++ tar-1.15.1/src/xheader.c 2006-02-08 16:59:46.000000000 -0500
	3	@@ -783,6 +783,32 @@ code_num (uintmax_t value, char const *k
	4	xheader_print (xhdr, keyword, sbuf);
	5	}
	6
	7	+static bool
	8	+decode_num (uintmax_t num, char const arg, uintmax_t maxval,
	9	+ char const *keyword)
	10	+{
	11	+ uintmax_t u;
	12	+ char *arg_lim;
	13	+
	14	+ if (! (ISDIGIT (*arg)
	15	+ && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim)))
	16	+ {
	17	+ ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
	18	+ keyword, arg));
	19	+ return false;
	20	+ }
	21	+
	22	+ if (! (u <= maxval && errno != ERANGE))
	23	+ {
	24	+ ERROR ((0, 0, _("Extended header %s=%s is out of range"),
	25	+ keyword, arg));
	26	+ return false;
	27	+ }
	28	+
	29	+ *num = u;
	30	+ return true;
	31	+}
	32	+
	33	static void
	34	dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
	35	char const *keyword __attribute__ ((unused)),
	36	@@ -821,7 +847,7 @@ static void
	37	gid_decoder (struct tar_stat_info st, char const arg)
	38	{
	39	uintmax_t u;
	40	- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
	41	+ if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
	42	st->stat.st_gid = u;
	43	}
	44
	45	@@ -903,7 +929,7 @@ static void
	46	size_decoder (struct tar_stat_info st, char const arg)
	47	{
	48	uintmax_t u;
	49	- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
	50	+ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
	51	st->archive_file_size = st->stat.st_size = u;
	52	}
	53
	54	@@ -918,7 +944,7 @@ static void
	55	uid_decoder (struct tar_stat_info st, char const arg)
	56	{
	57	uintmax_t u;
	58	- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
	59	+ if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
	60	st->stat.st_uid = u;
	61	}
	62
	63	@@ -946,7 +972,7 @@ static void
	64	sparse_size_decoder (struct tar_stat_info st, char const arg)
65	{
66	uintmax_t u;
67	- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
68	+ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
69	st->stat.st_size = u;
70	}
71
72	@@ -962,10 +988,10 @@ static void
73	sparse_numblocks_decoder (struct tar_stat_info st, char const arg)
74	{
75	uintmax_t u;
76	- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
77	+ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
78	{
79	st->sparse_map_size = u;
80	- st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
81	+ st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
82	st->sparse_map_avail = 0;
83	}
84	}
85	@@ -982,8 +1008,14 @@ static void
86	sparse_offset_decoder (struct tar_stat_info st, char const arg)
87	{
88	uintmax_t u;
89	- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
90	+ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
91	+ {
92	+ if (st->sparse_map_avail < st->sparse_map_size)
93	st->sparse_map[st->sparse_map_avail].offset = u;
94	+ else
95	+ ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
96	+ "GNU.sparse.offset", arg));
97	+ }
98	}
99
100	static void
101	@@ -998,15 +1030,13 @@ static void
102	sparse_numbytes_decoder (struct tar_stat_info st, char const arg)
103	{
104	uintmax_t u;
105	- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
106	+ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
107	{
108	if (st->sparse_map_avail == st->sparse_map_size)
109	- {
110	- st->sparse_map_size *= 2;
111	- st->sparse_map = xrealloc (st->sparse_map,
112	- st->sparse_map_size
113	- * sizeof st->sparse_map[0]);
114	- }
115	+ st->sparse_map = x2nrealloc (st->sparse_map,
116	+ &st->sparse_map_size,
117	+ sizeof st->sparse_map[0]);
118	+
119	st->sparse_map[st->sparse_map_avail++].numbytes = u;
120	}
121	}
122	--- tar-1.15.1/po/pl.po.orig 2006-03-08 00:05:45.756358000 +0100
123	+++ tar-1.15.1/po/pl.po 2006-03-08 00:10:59.199947750 +0100
124	@@ -1828,3 +1828,18 @@
125	#: src/xheader.c:501
126	msgid "Malformed extended header: missing equal sign"
127