source: patches/gzip-1.3.5-security_fixes-1.patch@ fb773d9

clfs-1.2 clfs-2.1 clfs-3.0.0-systemd clfs-3.0.0-sysvinit systemd sysvinit
Last change on this file since fb773d9 was 69cde8d, checked in by Jim Gifford <clfs@…>, 19 years ago

Added: All patches needed for the book.

  • Property mode set to 100644
File size: 2.0 KB
  • gzip-1.3.5

    Submitted By: Matthew Burgess (matthew at linuxfromscratch dot org)
    Origin: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz
    Date: 2005-05-12
    Initial package version: 1.3.5
    Description: Fix two security vulnerabilities in gzip: A path traversal
    bug when using the -N option (CAN-2005-1228) and a race condition in the
    file permission restore code (CAN-2005-0998).
    
    diff -Naur gzip-1.3.5.orig/gzip.c gzip-1.3.5/gzip.c
    old new  
    875875    }
    876876
    877877    close(ifd);
    878     if (!to_stdout && close(ofd)) {
    879         write_error();
     878    if (!to_stdout) {
     879         /* Copy modes, times, ownership, and remove the input file */
     880         copy_stat(&istat);
     881         if (close(ofd))
     882            write_error();
    880883    }
    881884    if (method == -1) {
    882885        if (!to_stdout) xunlink (ofname);
     
    896899        }
    897900        fprintf(stderr, "\n");
    898901    }
    899     /* Copy modes, times, ownership, and remove the input file */
    900     if (!to_stdout) {
    901         copy_stat(&istat);
    902     }
    903902}
    904903
    905904/* ========================================================================
     
    13241323                        error("corrupted input -- file name too large");
    13251324                    }
    13261325                }
     1326                char *base2 = base_name (base);
     1327                strcpy(base, base2);
    13271328                /* If necessary, adapt the name to local OS conventions: */
    13281329                if (!list) {
    13291330                   MAKE_LEGAL_NAME(base);
     
    17251726    reset_times(ofname, ifstat);
    17261727#endif
    17271728    /* Copy the protection modes */
    1728     if (chmod(ofname, ifstat->st_mode & 07777)) {
     1729    if (fchmod(ofd, ifstat->st_mode & 07777)) {
    17291730        int e = errno;
    17301731        WARN((stderr, "%s: ", progname));
    17311732        if (!quiet) {
     
    17341735        }
    17351736    }
    17361737#ifndef NO_CHOWN
    1737     chown(ofname, ifstat->st_uid, ifstat->st_gid);  /* Copy ownership */
     1738    fchown(ofd, ifstat->st_uid, ifstat->st_gid);  /* Copy ownership */
    17381739#endif
    17391740    remove_ofname = 0;
    17401741    /* It's now safe to remove the input file: */
Note: See TracBrowser for help on using the repository browser.