busybox: add upstream unzip segv patch
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Fri, 13 Nov 2015 13:51:56 +0000 (10:51 -0300)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 13 Nov 2015 14:40:57 +0000 (15:40 +0100)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/busybox/0002-unzip.patch [new file with mode: 0644]

diff --git a/package/busybox/0002-unzip.patch b/package/busybox/0002-unzip.patch
new file mode 100644 (file)
index 0000000..400e528
--- /dev/null
@@ -0,0 +1,111 @@
+From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 26 Oct 2015 19:33:05 +0100
+Subject: [PATCH] unzip: test for bad archive SEGVing
+
+function                                             old     new   delta
+huft_build                                          1296    1300      +4
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+---
+ archival/libarchive/decompress_gunzip.c | 11 +++++++----
+ testsuite/unzip.tests                   | 23 ++++++++++++++++++++++-
+ 2 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
+index 7b6f459..30bf451 100644
+--- a/archival/libarchive/decompress_gunzip.c
++++ b/archival/libarchive/decompress_gunzip.c
+@@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n,
+       unsigned i;             /* counter, current code */
+       unsigned j;             /* counter */
+       int k;                  /* number of bits in current code */
+-      unsigned *p;            /* pointer into c[], b[], or v[] */
++      const unsigned *p;      /* pointer into c[], b[], or v[] */
+       huft_t *q;              /* points to current table */
+       huft_t r;               /* table entry for structure assignment */
+       huft_t *u[BMAX];        /* table stack */
+       unsigned v[N_MAX];      /* values in order of bit length */
++      unsigned v_end;
+       int ws[BMAX + 1];       /* bits decoded stack */
+       int w;                  /* bits decoded */
+       unsigned x[BMAX + 1];   /* bit offsets, then code stack */
+@@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+       /* Generate counts for each bit length */
+       memset(c, 0, sizeof(c));
+-      p = (unsigned *) b; /* cast allows us to reuse p for pointing to b */
++      p = b;
+       i = n;
+       do {
+               c[*p]++; /* assume all entries <= BMAX */
+@@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n,
+       }
+       /* Make a table of values in order of bit lengths */
+-      p = (unsigned *) b;
++      p = b;
+       i = 0;
++      v_end = 0;
+       do {
+               j = *p++;
+               if (j != 0) {
+                       v[x[j]++] = i;
++                      v_end = x[j];
+               }
+       } while (++i < n);
+@@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+                       /* set up table entry in r */
+                       r.b = (unsigned char) (k - w);
+-                      if (p >= v + n) {
++                      if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
+                               r.e = 99; /* out of values--invalid code */
+                       } else if (*p < s) {
+                               r.e = (unsigned char) (*p < 256 ? 16 : 15);     /* 256 is EOB code */
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index 8677a03..ca0a458 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -7,7 +7,7 @@
+ . ./testing.sh
+-# testing "test name" "options" "expected result" "file input" "stdin"
++# testing "test name" "commands" "expected result" "file input" "stdin"
+ #   file input will be file called "input"
+ #   test can create a file "actual" instead of writing to stdout
+@@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f
+ rmdir foo
+ rm foo.zip
++# File containing some damaged encrypted stream
++testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
++"Archive:  bad.zip
++  inflating: ]3j½r«I\e\12K-%Ix
++unzip: inflate error
++1
++" \
++"" "\
++begin-base64 644 bad.zip
++UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ
++eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA
++AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA
++oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst
++JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA
++BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
++NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
++====
++"
++
++rm *
++
+ # Clean up scratch directory.
+ cd ..
+-- 
+2.6.2
+