source: patches/gzip-1.3.5-security_fixes-1.patch@ eb10b87a

clfs-1.2 clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since eb10b87a was 69cde8d, checked in by Jim Gifford <clfs@…>, 19 years ago

Added: All patches needed for the book.

  • Property mode set to 100644
File size: 2.0 KB
RevLine 
[69cde8d]1Submitted By: Matthew Burgess (matthew at linuxfromscratch dot org)
2Origin: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz
3Date: 2005-05-12
4Initial package version: 1.3.5
5Description: Fix two security vulnerabilities in gzip: A path traversal
6bug when using the -N option (CAN-2005-1228) and a race condition in the
7file permission restore code (CAN-2005-0998).
8
9diff -Naur gzip-1.3.5.orig/gzip.c gzip-1.3.5/gzip.c
10--- gzip-1.3.5.orig/gzip.c 2002-09-28 07:38:43.000000000 +0000
11+++ gzip-1.3.5/gzip.c 2005-05-12 19:15:14.796031360 +0000
12@@ -875,8 +875,11 @@
13 }
14
15 close(ifd);
16- if (!to_stdout && close(ofd)) {
17- write_error();
18+ if (!to_stdout) {
19+ /* Copy modes, times, ownership, and remove the input file */
20+ copy_stat(&istat);
21+ if (close(ofd))
22+ write_error();
23 }
24 if (method == -1) {
25 if (!to_stdout) xunlink (ofname);
26@@ -896,10 +899,6 @@
27 }
28 fprintf(stderr, "\n");
29 }
30- /* Copy modes, times, ownership, and remove the input file */
31- if (!to_stdout) {
32- copy_stat(&istat);
33- }
34 }
35
36 /* ========================================================================
37@@ -1324,6 +1323,8 @@
38 error("corrupted input -- file name too large");
39 }
40 }
41+ char *base2 = base_name (base);
42+ strcpy(base, base2);
43 /* If necessary, adapt the name to local OS conventions: */
44 if (!list) {
45 MAKE_LEGAL_NAME(base);
46@@ -1725,7 +1726,7 @@
47 reset_times(ofname, ifstat);
48 #endif
49 /* Copy the protection modes */
50- if (chmod(ofname, ifstat->st_mode & 07777)) {
51+ if (fchmod(ofd, ifstat->st_mode & 07777)) {
52 int e = errno;
53 WARN((stderr, "%s: ", progname));
54 if (!quiet) {
55@@ -1734,7 +1735,7 @@
56 }
57 }
58 #ifndef NO_CHOWN
59- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
60+ fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
61 #endif
62 remove_ofname = 0;
63 /* It's now safe to remove the input file: */
Note: See TracBrowser for help on using the repository browser.