Contents of /trunk/gzip/patches/gzip-1.3.5-security_fixes-1.patch
Parent Directory | Revision Log
Revision 144 -
(show annotations)
(download)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 2022 byte(s)
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 2022 byte(s)
-import
1 | Submitted By: Matthew Burgess (matthew at linuxfromscratch dot org) |
2 | Origin: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz |
3 | Date: 2005-05-12 |
4 | Initial package version: 1.3.5 |
5 | Description: Fix two security vulnerabilities in gzip: A path traversal |
6 | bug when using the -N option (CAN-2005-1228) and a race condition in the |
7 | file permission restore code (CAN-2005-0998). |
8 | |
9 | diff -Naur gzip-1.3.5.orig/gzip.c gzip-1.3.5/gzip.c |
10 | --- gzip-1.3.5.orig/gzip.c 2002-09-28 07:38:43.000000000 +0000 |
11 | +++ gzip-1.3.5/gzip.c 2005-05-12 19:15:14.796031360 +0000 |
12 | @@ -875,8 +875,11 @@ |
13 | } |
14 | |
15 | close(ifd); |
16 | - if (!to_stdout && close(ofd)) { |
17 | - write_error(); |
18 | + if (!to_stdout) { |
19 | + /* Copy modes, times, ownership, and remove the input file */ |
20 | + copy_stat(&istat); |
21 | + if (close(ofd)) |
22 | + write_error(); |
23 | } |
24 | if (method == -1) { |
25 | if (!to_stdout) xunlink (ofname); |
26 | @@ -896,10 +899,6 @@ |
27 | } |
28 | fprintf(stderr, "\n"); |
29 | } |
30 | - /* Copy modes, times, ownership, and remove the input file */ |
31 | - if (!to_stdout) { |
32 | - copy_stat(&istat); |
33 | - } |
34 | } |
35 | |
36 | /* ======================================================================== |
37 | @@ -1324,6 +1323,8 @@ |
38 | error("corrupted input -- file name too large"); |
39 | } |
40 | } |
41 | + char *base2 = base_name (base); |
42 | + strcpy(base, base2); |
43 | /* If necessary, adapt the name to local OS conventions: */ |
44 | if (!list) { |
45 | MAKE_LEGAL_NAME(base); |
46 | @@ -1725,7 +1726,7 @@ |
47 | reset_times(ofname, ifstat); |
48 | #endif |
49 | /* Copy the protection modes */ |
50 | - if (chmod(ofname, ifstat->st_mode & 07777)) { |
51 | + if (fchmod(ofd, ifstat->st_mode & 07777)) { |
52 | int e = errno; |
53 | WARN((stderr, "%s: ", progname)); |
54 | if (!quiet) { |
55 | @@ -1734,7 +1735,7 @@ |
56 | } |
57 | } |
58 | #ifndef NO_CHOWN |
59 | - chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ |
60 | + fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ |
61 | #endif |
62 | remove_ofname = 0; |
63 | /* It's now safe to remove the input file: */ |