[packages/lha.git] / lha-security_fixes.patch

diff -urN lha-114i.orig/src/lha_macro.h lha-114i/src/lha_macro.h
--- lha-114i.orig/src/lha_macro.h	2000-10-04 16:57:38.000000000 +0200
+++ lha-114i/src/lha_macro.h	2004-12-13 20:02:02.850369304 +0100
@@ -53,7 +53,7 @@
 #define SEEK_SET		0
 #define SEEK_CUR		1
 #define SEEK_END		2
-#endif	/* SEEK_SET
+#endif	/* SEEK_SET */
 
 
 /* non-integral functions */
diff -urN lha-114i.orig/src/lharc.c lha-114i/src/lharc.c
--- lha-114i.orig/src/lharc.c	2004-12-13 20:01:23.000000000 +0100
+++ lha-114i/src/lharc.c	2004-12-13 20:04:18.906685600 +0100
@@ -830,9 +830,10 @@
 	DIRENTRY       *dp;
 	struct stat     tmp_stbuf, arc_stbuf, fil_stbuf;
 
-	strcpy(newname, name);
+	strncpy(newname, name, sizeof(newname));
+	newname[sizeof(newname)-1] = 0;
 	len = strlen(name);
-	if (len > 0 && newname[len - 1] != '/')
+	if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1))
 		newname[len++] = '/';
 
 	dirp = opendir(name);
@@ -846,6 +847,11 @@
 
 	for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
 		n = NAMLEN(dp);
+		if (len >= (sizeof(newname)-1) ||
+				(len+n) >= (sizeof(newname)-1) ||
+					 n  <= 0                   ||
+				(len+n) <= 0)
+			break;
 		strncpy(newname + len, dp->d_name, n);
 		newname[len + n] = '\0';
 		if (GETSTAT(newname, &fil_stbuf) < 0)
@@ -903,7 +909,8 @@
 		strcpy(temporary_name, TMP_FILENAME_TEMPLATE);
 	}
 	else {
-		sprintf(temporary_name, "%s/lhXXXXXX", extract_directory);
+		snprintf(temporary_name, sizeof(temporary_name),
+			"%s/lhXXXXXX", extract_directory);
 	}
 #ifdef MKSTEMP
 	mkstemp(temporary_name);
@@ -913,10 +920,16 @@
 #else
 	char           *p, *s;
 
-	strcpy(temporary_name, archive_name);
+	strncpy(temporary_name, archive_name, sizeof(temporary_name));
+	temporary_name[sizeof(temporary_name)-1] = 0;
 	for (p = temporary_name, s = (char *) 0; *p; p++)
 		if (*p == '/')
 			s = p;
+
+	if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1
+		<= strlen("lhXXXXXX"))
+			exit(-1);
+
 	strcpy((s ? s + 1 : temporary_name), "lhXXXXXX");
 #ifdef MKSTEMP
 	mkstemp(temporary_name);
@@ -1053,12 +1066,14 @@
 
 	if (open_old_archive_1(archive_name, &fp))
 		return fp;
-	sprintf(expanded_archive_name, "%s%s", archive_name, ARCHIVENAME_EXTENTION);
+	snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+		"%s%s", archive_name, ARCHIVENAME_EXTENTION);
 	if (open_old_archive_1(expanded_archive_name, &fp)) {
 		archive_name = expanded_archive_name;
 		return fp;
 	}
-	sprintf(expanded_archive_name, "%s.lzh", archive_name);
+	snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+		"%s.lzh", archive_name);
 	if (open_old_archive_1(expanded_archive_name, &fp)) {
 		archive_name = expanded_archive_name;
 		return fp;
@@ -1067,7 +1082,8 @@
 	 * if ( (errno&0xffff)!=E_PNNF ) { archive_name =
 	 * expanded_archive_name; return NULL; }
 	 */
-	sprintf(expanded_archive_name, "%s.lzs", archive_name);
+	snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+		"%s.lzs", archive_name);
 	if (open_old_archive_1(expanded_archive_name, &fp)) {
 		archive_name = expanded_archive_name;
 		return fp;
diff -urN lha-114i.orig/src/lhext.c lha-114i/src/lhext.c
--- lha-114i.orig/src/lhext.c	2004-12-13 20:01:23.000000000 +0100
+++ lha-114i/src/lhext.c	2004-12-13 20:02:02.855368544 +0100
@@ -82,7 +82,8 @@
 	register char  *p;
 
 	/* make parent directory name into PATH for recursive call */
-	strcpy(path, name);
+	memset(path, 0, sizeof(path));
+	strncpy(path, name, sizeof(path)-1);
 	for (p = path + strlen(path); p > path; p--)
 		if (p[-1] == '/') {
 			*--p = '\0';
@@ -212,9 +213,11 @@
 	}
 
 	if (extract_directory)
-		sprintf(name, "%s/%s", extract_directory, q);
-	else
-		strcpy(name, q);
+		snprintf(name, sizeof(name), "%s/%s", extract_directory, q);
+	else {
+		strncpy(name, q, sizeof(name));
+		name[sizeof(name) - 1] = '\0';
+	}
Commit	Line	Data
74f0c8af	1	diff -urN lha-114i.orig/src/lha_macro.h lha-114i/src/lha_macro.h
	2	--- lha-114i.orig/src/lha_macro.h 2000-10-04 16:57:38.000000000 +0200
	3	+++ lha-114i/src/lha_macro.h 2004-12-13 20:02:02.850369304 +0100
	4	@@ -53,7 +53,7 @@
	5	#define SEEK_SET 0
	6	#define SEEK_CUR 1
	7	#define SEEK_END 2
	8	-#endif /* SEEK_SET
	9	+#endif /* SEEK_SET */
	10
	11
	12	/* non-integral functions */
	13	diff -urN lha-114i.orig/src/lharc.c lha-114i/src/lharc.c
	14	--- lha-114i.orig/src/lharc.c 2004-12-13 20:01:23.000000000 +0100
	15	+++ lha-114i/src/lharc.c 2004-12-13 20:04:18.906685600 +0100
	16	@@ -830,9 +830,10 @@
	17	DIRENTRY *dp;
	18	struct stat tmp_stbuf, arc_stbuf, fil_stbuf;
	19
	20	- strcpy(newname, name);
	21	+ strncpy(newname, name, sizeof(newname));
	22	+ newname[sizeof(newname)-1] = 0;
	23	len = strlen(name);
	24	- if (len > 0 && newname[len - 1] != '/')
	25	+ if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1))
	26	newname[len++] = '/';
	27
	28	dirp = opendir(name);
	29	@@ -846,6 +847,11 @@
	30
	31	for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
	32	n = NAMLEN(dp);
	33	+ if (len >= (sizeof(newname)-1) \|\|
	34	+ (len+n) >= (sizeof(newname)-1) \|\|
	35	+ n <= 0 \|\|
	36	+ (len+n) <= 0)
	37	+ break;
	38	strncpy(newname + len, dp->d_name, n);
	39	newname[len + n] = '\0';
	40	if (GETSTAT(newname, &fil_stbuf) < 0)
	41	@@ -903,7 +909,8 @@
	42	strcpy(temporary_name, TMP_FILENAME_TEMPLATE);
	43	}
	44	else {
	45	- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory);
	46	+ snprintf(temporary_name, sizeof(temporary_name),
	47	+ "%s/lhXXXXXX", extract_directory);
	48	}
	49	#ifdef MKSTEMP
	50	mkstemp(temporary_name);
	51	@@ -913,10 +920,16 @@
	52	#else
	53	char p, s;
	54
	55	- strcpy(temporary_name, archive_name);
	56	+ strncpy(temporary_name, archive_name, sizeof(temporary_name));
	57	+ temporary_name[sizeof(temporary_name)-1] = 0;
	58	for (p = temporary_name, s = (char ) 0; p; p++)
	59	if (*p == '/')
	60	s = p;
	61	+
	62	+ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1
	63	+ <= strlen("lhXXXXXX"))
	64	+ exit(-1);
65	+
66	strcpy((s ? s + 1 : temporary_name), "lhXXXXXX");
67	#ifdef MKSTEMP
68	mkstemp(temporary_name);
69	@@ -1053,12 +1066,14 @@
70
71	if (open_old_archive_1(archive_name, &fp))
72	return fp;
73	- sprintf(expanded_archive_name, "%s%s", archive_name, ARCHIVENAME_EXTENTION);
74	+ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
75	+ "%s%s", archive_name, ARCHIVENAME_EXTENTION);
76	if (open_old_archive_1(expanded_archive_name, &fp)) {
77	archive_name = expanded_archive_name;
78	return fp;
79	}
80	- sprintf(expanded_archive_name, "%s.lzh", archive_name);
81	+ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
82	+ "%s.lzh", archive_name);
83	if (open_old_archive_1(expanded_archive_name, &fp)) {
84	archive_name = expanded_archive_name;
85	return fp;
86	@@ -1067,7 +1082,8 @@
87	* if ( (errno&0xffff)!=E_PNNF ) { archive_name =
88	* expanded_archive_name; return NULL; }
89	*/
90	- sprintf(expanded_archive_name, "%s.lzs", archive_name);
91	+ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
92	+ "%s.lzs", archive_name);
93	if (open_old_archive_1(expanded_archive_name, &fp)) {
94	archive_name = expanded_archive_name;
95	return fp;
96	diff -urN lha-114i.orig/src/lhext.c lha-114i/src/lhext.c
97	--- lha-114i.orig/src/lhext.c 2004-12-13 20:01:23.000000000 +0100
98	+++ lha-114i/src/lhext.c 2004-12-13 20:02:02.855368544 +0100
99	@@ -82,7 +82,8 @@
100	register char *p;
101
102	/* make parent directory name into PATH for recursive call */
103	- strcpy(path, name);
104	+ memset(path, 0, sizeof(path));
105	+ strncpy(path, name, sizeof(path)-1);
106	for (p = path + strlen(path); p > path; p--)
107	if (p[-1] == '/') {
108	*--p = '\0';
109	@@ -212,9 +213,11 @@
110	}
111
112	if (extract_directory)
113	- sprintf(name, "%s/%s", extract_directory, q);
114	- else
115	- strcpy(name, q);
116	+ snprintf(name, sizeof(name), "%s/%s", extract_directory, q);
117	+ else {
118	+ strncpy(name, q, sizeof(name));
119	+ name[sizeof(name) - 1] = '\0';
120	+ }
121
122
123