Commit cecc55e3 authored by Natanael Copa's avatar Natanael Copa
Browse files

main/squashfs-tools: security fix for CVE-2015-4645/4646

ref #4416
fixes #4417

(cherry picked from commit 10422f18)

Conflicts:
	main/squashfs-tools/APKBUILD
parent b4b72d8f
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squashfs-tools
pkgver=4.2
pkgrel=3
pkgrel=4
pkgdesc="Tools for squashfs, a highly compressed read-only filesystem for Linux."
url="http://squashfs.sourceforge.net"
arch="all"
......@@ -11,6 +11,7 @@ makedepends="zlib-dev xz-dev lzo-dev attr-dev"
source="http://downloads.sourceforge.net/sourceforge/squashfs/squashfs$pkgver.tar.gz
fix-compat.patch
vla-overlow.patch
CVE-2015-4645.patch
"
_builddir="$srcdir/squashfs$pkgver/$pkgname"
......@@ -36,10 +37,13 @@ package() {
}
md5sums="1b7a781fb4cf8938842279bd3e8ee852 squashfs4.2.tar.gz
da3de5c99f6ef34f83a88a066447eac0 fix-compat.patch
d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch"
d34cb53db691f0fb58425bb5ab30f6d4 vla-overlow.patch
4e3ccd009caa313fac1fd8d795c70bb7 CVE-2015-4645.patch"
sha256sums="d9e0195aa922dbb665ed322b9aaa96e04a476ee650f39bbeadb0d00b24022e96 squashfs4.2.tar.gz
1b10b07691253a97dba93d6a80220b59d2a4be21e306e3ea91265690570a4ed2 fix-compat.patch
213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch"
213f3f23576c99099305f717a279507913ab2b8df4dd8f502153e73b2d0a9df5 vla-overlow.patch
5754b29fa1864e77201318f7213cf144dc1e8beb1f66320733f264d3ab34a447 CVE-2015-4645.patch"
sha512sums="4b69c5d3008803347d0ce7628957e3873c9ebd799662b25dfb739afb6a1ce97bdd02b0465ac4d949bc38af2155880ac068209dc638b94e5c86a8011ec3a00de0 squashfs4.2.tar.gz
9532d29e06a691c0628cff21bb4a361d5e6f888adbeef150f52ab65f20678e3ada0a60489d73eba6f0ca8b3eab4c18baf87c6d24c23da0cf81afacf940d1eb91 fix-compat.patch
975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch"
975d09d047f4122866e83c4322ce3a15795c051b850d14a85a615c3beef970378e5a620ee16058b9c5104c53f973f9b3804d96c3ba1ab4f622f1e096c04e0360 vla-overlow.patch
09b697b76af01f8c06fa4e90c6cca277817eb4ae1387071eca0aaff95f948b3390eeca88af5777f139dd6548db10a671d7202acb8e579e4c3930bb9ac03f4fdc CVE-2015-4645.patch"
--- ./squashfs-tools/unsquash-4.c.orig
+++ ./squashfs-tools/unsquash-4.c
@@ -31,8 +31,9 @@
int read_fragment_table_4()
{
- int res, i, indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
- long long fragment_table_index[indexes];
+ int res, i;
+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+ long long *fragment_table_index;
TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
"from 0x%llx\n", sBlk.s.fragments, indexes,
@@ -40,6 +41,11 @@
if(sBlk.s.fragments == 0)
return TRUE;
+
+ fragment_table_index = malloc(indexes*sizeof(long long));
+ if(fragment_table_index == NULL)
+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
+ "fragment table index\n");
fragment_table = malloc(sBlk.s.fragments *
sizeof(struct squashfs_fragment_entry));
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment