squashfs-tools: add alpine patches.

Fixes CVE-2015-4645 and unsquashfs stack overflow on musl.
This commit is contained in:
Christian Neukirchen 2016-02-11 22:17:31 +01:00
parent 42f714e4ad
commit a5b344a5cd
3 changed files with 50 additions and 2 deletions

View file

@ -0,0 +1,27 @@
--- squashfs-tools/unsquash-4.c
+++ squashfs-tools/unsquash-4.c
@@ -31,9 +31,9 @@ static unsigned int *id_table;
int read_fragment_table_4(long long *directory_table_end)
{
int res, i;
- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
- long long fragment_table_index[indexes];
+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+ long long *fragment_table_index;
TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
"from 0x%llx\n", sBlk.s.fragments, indexes,
@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
return TRUE;
}
+ fragment_table_index = malloc(indexes*sizeof(long long));
+ if(fragment_table_index == NULL)
+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
+ "fragment table index\n");
+
fragment_table = malloc(bytes);
if(fragment_table == NULL)
EXIT_UNSQUASH("read_fragment_table: failed to allocate "

View file

@ -0,0 +1,21 @@
--- ./squashfs-tools/unsquashfs.c.orig
+++ ./squashfs-tools/unsquashfs.c
@@ -2099,7 +2099,9 @@
*/
void *inflator(void *arg)
{
- char tmp[block_size];
+ char *tmp = malloc(block_size);
+ if(tmp == NULL)
+ EXIT_UNSQUASH("Out of memory allocating block buffer\n");
while(1) {
struct cache_entry *entry = queue_get(to_inflate);
@@ -2122,6 +2124,7 @@
*/
cache_block_ready(entry, res == -1);
}
+ free(tmp);
}

View file

@ -1,10 +1,10 @@
# Template file for 'squashfs-tools'
pkgname=squashfs-tools
version=4.3
revision=3
revision=4
wrksrc="squashfs${version}"
makedepends="zlib-devel lzo-devel liblzma-devel"
license="GPL"
license="GPL-2"
homepage="http://squashfs.sf.net/"
short_desc="Tool to create and append to squashfs filesystems"
maintainer="Juan RP <xtraeme@voidlinux.eu>"