squashfs-tools: add alpine patches.
Fixes CVE-2015-4645 and unsquashfs stack overflow on musl.
parent
42f714e4ad
commit
a5b344a5cd
3 changed files with 50 additions and 2 deletions
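--- /dev/null
+++ b/srcpkgs/squashfs-tools/patches/CVE-2015-4645.patch
@@ -0,0 +1,27 @@
+--- squashfs-tools/unsquash-4.c
++++ squashfs-tools/unsquash-4.c
+@@ -31,9 +31,9 @@ static unsigned int *id_table;
+int read_fragment_table_4(long long *directory_table_end)
+{
+int res, i;
+- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+- long long fragment_table_index[indexes];
++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
++ long long *fragment_table_index;
+
+TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
+"from 0x%llx\n", sBlk.s.fragments, indexes,
+@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
+return TRUE;
+}
+
++ fragment_table_index = malloc(indexes*sizeof(long long));
++ if(fragment_table_index == NULL)
++ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
++ "fragment table index\n");
++
+fragment_table = malloc(bytes);
+if(fragment_table == NULL)
+EXIT_UNSQUASH("read_fragment_table: failed to allocate "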
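Review bot: Switching `bytes` and `indexes` to `size_t` only removes the integer overflow where `size_t` is wider than the fragment count read from the superblock; if `SQUASHFS_FRAGMENT_BYTES` multiplies `sBlk.s.fragments` by the entry size (its definition is not in this patch), the product can still wrap on 32-bit builds and leave `fragment_table` undersized. An explicit bound on `sBlk.s.fragments` before the two `malloc` calls, failing through `EXIT_UNSQUASH`, would cover that case. The context `TRACE` call still formats `indexes` with `%d` although it is now a `size_t`; `%zu` matches the new type. No `free(fragment_table_index)` is added anywhere in the patch, so unless code outside these hunks releases it the index buffer is leaked when `read_fragment_table_4` returns.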
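--- /dev/null
+++ b/srcpkgs/squashfs-tools/patches/vla-overlow.patch
@@ -0,0 +1,21 @@
+--- ./squashfs-tools/unsquashfs.c.orig
++++ ./squashfs-tools/unsquashfs.c
+@@ -2099,7 +2099,9 @@
+*/
+void *inflator(void *arg)
+{
+- char tmp[block_size];
++ char *tmp = malloc(block_size);
++ if(tmp == NULL)
++ EXIT_UNSQUASH("Out of memory allocating block buffer\n");
+
+while(1) {
+struct cache_entry *entry = queue_get(to_inflate);
+@@ -2122,6 +2124,7 @@
+*/
+cache_block_ready(entry, res == -1);
+}
++ free(tmp);
+}
+
+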
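Review bot: The added `free(tmp);` sits after the `while(1)` loop, so it only runs if the loop body (mostly outside these hunks) contains a `break`; if it does not, the call is dead code and the buffer simply lives as long as the worker thread. That is harmless for a per-thread scratch buffer, but a comment at the `malloc` such as `/* heap-allocated: block_size can exceed a small thread stack (e.g. musl) */` would record why the VLA was replaced. `block_size` presumably comes from the image's superblock, so it is worth confirming it is range-checked where the superblock is read before it reaches this `malloc`.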
@ -1,10 +1,10 @@
# Template file for 'squashfs-tools'
pkgname=squashfs-tools
version=4.3
revision=3
revision=4
wrksrc="squashfs${version}"
makedepends="zlib-devel lzo-devel liblzma-devel"
license="GPL"
license="GPL-2"
homepage="http://squashfs.sf.net/"
short_desc="Tool to create and append to squashfs filesystems"
maintainer="Juan RP <xtraeme@voidlinux.eu>"