Subversion Repositories libtar

Compare Revisions

Ignore whitespace Rev 29 → Rev 30

/trunk/debian/changelog
1,3 → 1,14
libtar (1.2.20-3) unstable; urgency=low
 
* no_maxpathlen.patch: Fix two grave bugs in the patch. First,
th_get_pathname would only allocate as much memory as was needed for
the first filename encountered, causing heap corruption when/if
encountering longer filenames later. Second, two variables were mixed
up in tar_append_tree(). Also, fix a potential memory leak and trim
the patch a bit.
 
-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:54:56 +0100
 
libtar (1.2.20-2) unstable; urgency=low
 
* no_static_buffers.patch: avoid using a static buffer in
/trunk/debian/patches/no_maxpathlen.patch
156,32 → 156,27
/* print file info */
--- a/lib/decode.c
+++ b/lib/decode.c
@@ -29,10 +29,13 @@ th_get_pathname(TAR *t)
if (t->th_buf.gnu_longname)
return t->th_buf.gnu_longname;
+ size_t pathlen =
+ strlen(t->th_buf.prefix) + strlen(t->th_buf.name) + 2;
+
@@ -32,7 +32,8 @@ th_get_pathname(TAR *t)
/* allocate the th_pathname buffer if not already */
if (t->th_pathname == NULL)
{
- t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
+ t->th_pathname = malloc(pathlen);
+ /* Allocate the maximum length of prefix + '/' + name + '\0' */
+ t->th_pathname = malloc(155 + 1 + 100 + 1);
if (t->th_pathname == NULL)
/* out of memory */
return NULL;
@@ -40,11 +43,11 @@ th_get_pathname(TAR *t)
@@ -40,11 +41,11 @@ th_get_pathname(TAR *t)
if (t->th_buf.prefix[0] == '\0')
{
- snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
+ snprintf(t->th_pathname, pathlen, "%.100s", t->th_buf.name);
+ sprintf(t->th_pathname, "%.100s", t->th_buf.name);
}
else
{
- snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
+ snprintf(t->th_pathname, pathlen, "%.155s/%.100s",
+ sprintf(t->th_pathname, "%.155s/%.100s",
t->th_buf.prefix, t->th_buf.name);
}
268,7 → 263,7
--- a/lib/wrapper.c
+++ b/lib/wrapper.c
@@ -16,18 +16,18 @@
@@ -16,6 +16,7 @@
#include <sys/param.h>
#include <dirent.h>
#include <errno.h>
276,10 → 271,7
#ifdef STDC_HEADERS
# include <string.h>
#endif
-
int
@@ -26,8 +27,8 @@ int
tar_extract_glob(TAR *t, char *globname, char *prefix)
{
char *filename;
290,7 → 282,7
while ((i = th_read(t)) == 0)
{
@@ -41,11 +41,25 @@ tar_extract_glob(TAR *t, char *globname,
@@ -41,11 +42,25 @@ tar_extract_glob(TAR *t, char *globname,
if (t->options & TAR_VERBOSE)
th_print_long_ls(t);
if (prefix != NULL)
318,7 → 310,7
}
return (i == 1 ? 0 : -1);
@@ -56,8 +70,9 @@ int
@@ -56,8 +71,9 @@ int
tar_extract_all(TAR *t, char *prefix)
{
char *filename;
330,12 → 322,7
#ifdef DEBUG
printf("==> tar_extract_all(TAR *t, \"%s\")\n",
@@ -69,19 +84,34 @@ tar_extract_all(TAR *t, char *prefix)
#ifdef DEBUG
puts(" tar_extract_all(): calling th_get_pathname()");
#endif
+
filename = th_get_pathname(t);
@@ -73,15 +89,29 @@ tar_extract_all(TAR *t, char *prefix)
if (t->options & TAR_VERBOSE)
th_print_long_ls(t);
if (prefix != NULL)
384,7 → 371,7
#ifdef DEBUG
printf("==> tar_append_tree(0x%lx, \"%s\", \"%s\")\n",
@@ -122,11 +155,19 @@ tar_append_tree(TAR *t, char *realdir, c
@@ -122,11 +155,21 @@ tar_append_tree(TAR *t, char *realdir, c
strcmp(dent->d_name, "..") == 0)
continue;
398,15 → 385,17
- snprintf(savepath, MAXPATHLEN, "%s/%s", savedir,
+ {
+ len = strlen(savedir) + 1 + strlen(dent->d_name);
+ if ((savepath = malloc(len + 1)) == NULL)
+ if ((savepath = malloc(len + 1)) == NULL) {
+ free(realpath);
+ return -1;
+ snprintf(realpath, len + 1, "%s/%s", savedir,
+ }
+ snprintf(savepath, len + 1, "%s/%s", savedir,
dent->d_name);
+ }
if (lstat(realpath, &s) != 0)
return -1;
@@ -135,13 +176,23 @@ tar_append_tree(TAR *t, char *realdir, c
@@ -135,13 +178,23 @@ tar_append_tree(TAR *t, char *realdir, c
{
if (tar_append_tree(t, realpath,
(savedir ? savepath : NULL)) != 0)