pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/archivers/lha Fix security problem of lha package appl...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3b6aa343baa6
branches: trunk
changeset: 475278:3b6aa343baa6
user: taca <taca%pkgsrc.org@localhost>
date: Thu May 13 11:42:43 2004 +0000
description:
Fix security problem of lha package applying patches by David Ahmad
< da at securityfocus dot com > on bugtraq mailing list.
Bump package revision to nb2.
diffstat:
archivers/lha/Makefile | 4 +-
archivers/lha/distinfo | 4 ++-
archivers/lha/patches/patch-ad | 53 ++++++++++++++++++++++++++++++++++++++++++
archivers/lha/patches/patch-ak | 26 ++++++++++++++++++++
4 files changed, 84 insertions(+), 3 deletions(-)
diffs (118 lines):
diff -r abea0a702753 -r 3b6aa343baa6 archivers/lha/Makefile
--- a/archivers/lha/Makefile Thu May 13 11:40:14 2004 +0000
+++ b/archivers/lha/Makefile Thu May 13 11:42:43 2004 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.19 2004/05/06 08:15:08 itojun Exp $
+# $NetBSD: Makefile,v 1.20 2004/05/13 11:42:43 taca Exp $
DISTNAME= lha-114i
PKGNAME= lha-114.9
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= archivers
MASTER_SITES= http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ \
ftp://ftp.win.ne.jp/pub/misc/
diff -r abea0a702753 -r 3b6aa343baa6 archivers/lha/distinfo
--- a/archivers/lha/distinfo Thu May 13 11:40:14 2004 +0000
+++ b/archivers/lha/distinfo Thu May 13 11:42:43 2004 +0000
@@ -1,10 +1,12 @@
-$NetBSD: distinfo,v 1.5 2002/08/25 21:49:12 jlam Exp $
+$NetBSD: distinfo,v 1.6 2004/05/13 11:42:43 taca Exp $
SHA1 (lha-114i.tar.gz) = 79e35271f2cf783f946db3f22e304fef72dbac99
Size (lha-114i.tar.gz) = 64608 bytes
+SHA1 (patch-ad) = a3169c55c462d4eb54e52709744ef7084a94bcb4
SHA1 (patch-ae) = a53647ccf72511ecd2b5306e23da1219fa5e7264
SHA1 (patch-af) = 0c2f6d5bf23c3c98b102487abe3dd1190470f50c
SHA1 (patch-ag) = 9ad3bc807a3cda4f71d8fbbbea19306f252f2489
SHA1 (patch-ah) = cd44b40fa7e25a9996b2441d1b78a1a6570977b2
SHA1 (patch-ai) = d988b7d048656080d14bfad1da89c9888c9ddf90
SHA1 (patch-aj) = 6331fce7f55eef1c2003e693f165dd0565e7172e
+SHA1 (patch-ak) = fa6de630a7414b73dec8b75be0bfbb3493c4192f
diff -r abea0a702753 -r 3b6aa343baa6 archivers/lha/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/lha/patches/patch-ad Thu May 13 11:42:43 2004 +0000
@@ -0,0 +1,53 @@
+$NetBSD: patch-ad,v 1.3 2004/05/13 11:42:43 taca Exp $
+
+--- src/lhext.c.orig 2000-10-04 23:57:38.000000000 +0900
++++ src/lhext.c
+@@ -190,8 +190,13 @@ extract_one(afp, hdr)
+ q = (char *) rindex(hdr->name, '/') + 1;
+ }
+ else {
++ if (is_directory_traversal(q)) {
++ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
++ exit(111);
++ }
++
+ if (*q == '/') {
+- q++;
++ while (*q == '/') { q++; }
+ /*
+ * if OSK then strip device name
+ */
+@@ -419,6 +424,33 @@ cmd_extract()
+ return;
+ }
+
++int
++is_directory_traversal(char *string)
++{
++ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
++ char *temp;
++
++ temp = string;
++
++ while (*temp != 0) {
++ if (temp[0] == '/') {
++ if (type == 1) { return 1; }
++ type = 0;
++ temp++;
++ continue;
++ }
++
++ if ((temp[0] == '.') && (type < 2))
++ type = 1;
++ if (temp[0] != '.')
++ type = 2;
++
++ temp++;
++ } /* while */
++
++ return (type == 1);
++}
++
+ /* Local Variables: */
+ /* mode:c */
+ /* tab-width:4 */
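Review bot: is_directory_traversal() flags every path component made up only of dots, not just `..`: for a name like `./name` the state goes to 1 on the dot and the function returns 1 at the following slash, so extract_one() stops with exit(111) on an entry that does not leave the extraction directory. If that strictness is intended, document it with a header comment such as `/* Returns 1 if any '/'-separated component of string consists only of dots (".", "..", "..."). */`. The function is also called in extract_one() above its definition and this patch adds no prototype, so unless one exists elsewhere the call relies on an implicit declaration; `int is_directory_traversal(char *string);` near the top of lhext.c would cover it. The check sits in an else branch whose if starts outside the hunk, so whether the other branch needs the same test cannot be judged from here.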
diff -r abea0a702753 -r 3b6aa343baa6 archivers/lha/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/lha/patches/patch-ak Thu May 13 11:42:43 2004 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ak,v 1.1 2004/05/13 11:42:43 taca Exp $
+
+--- src/header.c.orig 2000-10-06 02:36:03.000000000 +0900
++++ src/header.c
+@@ -538,6 +538,10 @@ get_header(fp, hdr)
+ /*
+ * filename
+ */
++ if (header_size >= 256) {
++ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
++ exit(109);
++ }
+ for (i = 0; i < header_size - 3; i++)
+ hdr->name[i] = (char) get_byte();
+ hdr->name[header_size - 3] = '\0';
+@@ -547,6 +551,10 @@ get_header(fp, hdr)
+ /*
+ * directory
+ */
++ if (header_size >= FILENAME_LENGTH) {
++ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
++ exit(110);
++ }
+ for (i = 0; i < header_size - 3; i++)
+ dirname[i] = (char) get_byte();
+ dirname[header_size - 3] = '\0';
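Review bot: Both added guards in get_header() bound header_size only from above, while the lines that follow index with `header_size - 3`; if header_size can be smaller than 3 (its type and the code that reads it are outside the hunk), `hdr->name[header_size - 3] = '\0'` and `dirname[header_size - 3] = '\0'` would write outside the buffer. Adding a lower bound closes that: `if (header_size < 3 || header_size >= 256) {` and `if (header_size < 3 || header_size >= FILENAME_LENGTH) {`. The first guard uses the literal 256 where the second uses a named constant; presumably 256 mirrors the declared size of hdr->name, and a comment or a named constant would keep the two in step.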