[gentoo-commits] gentoo-x86 commit in sys-freebsd/freebsd-ubin/files: freebsd-ubin-8.2-compress.patch - gentoo-commits

From:	"Naohiro Aota (naota)" <naota@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in sys-freebsd/freebsd-ubin/files: freebsd-ubin-8.2-compress.patch
Date:	Mon, 02 Apr 2012 10:23:09
Message-Id:	`20120402102258.7763A2004C@flycatcher.gentoo.org`

1

naota       12/04/02 10:22:58

2

3

  Added:                freebsd-ubin-8.2-compress.patch

4

  Log:

5

  Add patch to fix CVE-2011-2895. #408887

6

7

  (Portage version: 2.2.0_alpha89/cvs/FreeBSD i386)

8

9

Revision  Changes    Path

10

1.1                  sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch

11

12

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch?rev=1.1&view=markup

13

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch?rev=1.1&content-type=text/plain

14

15

Index: freebsd-ubin-8.2-compress.patch

16

===================================================================

17

Index: usr.bin/compress/zopen.c

18

===================================================================

19

--- usr.bin/compress/zopen.c	(revision 225020)

20

+++ usr.bin/compress/zopen.c	(working copy)

21

@@ -486,7 +486,7 @@ zread(void *cookie, char *rbp, int num)

22

 	block_compress = maxbits & BLOCK_MASK;

23

 	maxbits &= BIT_MASK;

24

 	maxmaxcode = 1L << maxbits;

25

-	if (maxbits > BITS) {

26

+	if (maxbits > BITS || maxbits < 12) {

27

 		errno = EFTYPE;

28

 		return (-1);

29

}

30

@@ -513,17 +513,28 @@ zread(void *cookie, char *rbp, int num)

31

 			for (code = 255; code >= 0; code--)

32

 				tab_prefixof(code) = 0;

33

 			clear_flg = 1;

34

-			free_ent = FIRST - 1;

35

-			if ((code = getcode(zs)) == -1)	/* O, untimely death! */

36

-				break;

37

+			free_ent = FIRST;

38

+			oldcode = -1;

39

+			continue;

40

}

41

 		incode = code;

42

43

-		/* Special case for KwKwK string. */

44

+		/* Special case for kWkWk string. */

45

 		if (code >= free_ent) {

46

+			if (code > free_ent || oldcode == -1) {

47

+				/* Bad stream. */

48

+				errno = EINVAL;

49

+				return (-1);

50

+			}

51

 			*stackp++ = finchar;

52

 			code = oldcode;

53

}

54

+		/*

55

+		 * The above condition ensures that code < free_ent.

56

+		 * The construction of tab_prefixof in turn guarantees that

57

+		 * each iteration decreases code and therefore stack usage is

58

+		 * bound by 1 << BITS - 256.

59

+		 */

60

61

 		/* Generate output characters in reverse order. */

62

 		while (code >= 256) {

63

@@ -540,7 +551,7 @@ middle:		do {

64

 		} while (stackp > de_stack);

65

66

 		/* Generate the new entry. */

67

-		if ((code = free_ent) < maxmaxcode) {

68

+		if ((code = free_ent) < maxmaxcode && oldcode != -1) {

69

 			tab_prefixof(code) = (u_short) oldcode;

70

 			tab_suffixof(code) = finchar;

71

 			free_ent = code + 1;

1	naota 12/04/02 10:22:58
2
3	Added: freebsd-ubin-8.2-compress.patch
4	Log:
5	Add patch to fix CVE-2011-2895. #408887
6
7	(Portage version: 2.2.0_alpha89/cvs/FreeBSD i386)
8
9	Revision Changes Path
10	1.1 sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch
11
12	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch?rev=1.1&view=markup
13	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch?rev=1.1&content-type=text/plain
14
15	Index: freebsd-ubin-8.2-compress.patch
16	===================================================================
17	Index: usr.bin/compress/zopen.c
18	===================================================================
19	--- usr.bin/compress/zopen.c (revision 225020)
20	+++ usr.bin/compress/zopen.c (working copy)
21	@@ -486,7 +486,7 @@ zread(void cookie, char rbp, int num)
22	block_compress = maxbits & BLOCK_MASK;
23	maxbits &= BIT_MASK;
24	maxmaxcode = 1L << maxbits;
25	- if (maxbits > BITS) {
26	+ if (maxbits > BITS \|\| maxbits < 12) {
27	errno = EFTYPE;
28	return (-1);
29	}
30	@@ -513,17 +513,28 @@ zread(void cookie, char rbp, int num)
31	for (code = 255; code >= 0; code--)
32	tab_prefixof(code) = 0;
33	clear_flg = 1;
34	- free_ent = FIRST - 1;
35	- if ((code = getcode(zs)) == -1) /* O, untimely death! */
36	- break;
37	+ free_ent = FIRST;
38	+ oldcode = -1;
39	+ continue;
40	}
41	incode = code;
42
43	- /* Special case for KwKwK string. */
44	+ /* Special case for kWkWk string. */
45	if (code >= free_ent) {
46	+ if (code > free_ent \|\| oldcode == -1) {
47	+ /* Bad stream. */
48	+ errno = EINVAL;
49	+ return (-1);
50	+ }
51	*stackp++ = finchar;
52	code = oldcode;
53	}
54	+ /*
55	+ * The above condition ensures that code < free_ent.
56	+ * The construction of tab_prefixof in turn guarantees that
57	+ * each iteration decreases code and therefore stack usage is
58	+ * bound by 1 << BITS - 256.
59	+ */
60
61	/* Generate output characters in reverse order. */
62	while (code >= 256) {
63	@@ -540,7 +551,7 @@ middle: do {
64	} while (stackp > de_stack);
65
66	/* Generate the new entry. */
67	- if ((code = free_ent) < maxmaxcode) {
68	+ if ((code = free_ent) < maxmaxcode && oldcode != -1) {
69	tab_prefixof(code) = (u_short) oldcode;
70	tab_suffixof(code) = finchar;
71	free_ent = code + 1;

Gentoo Archives: gentoo-commits