From: Plauchu Edwin <edwin.plauchu.camacho@linux.intel.com>
To: openembedded-core@lists.openembedded.org
Cc: joshua.g.lock@intel.com, Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Subject: Re: [PATCH v1] unzip: fix security issues
Date: Tue, 7 Jun 2016 16:49:26 -0500	[thread overview]
Message-ID: <57574166.2050203@linux.intel.com> (raw)
In-Reply-To: <574C5E1E.3020800@linux.intel.com>

Ping!

On 30/05/16 10:37, Plauchu Edwin wrote:
> Ping!
>
> On 27/05/16 15:29, Edwin Plauchu wrote:
>> From: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>>
>> This patch keeps unzip from failing to compile when built with compiler
>> flags that elevate common string formatting issues into errors (-Wformat
>> -Wformat-security -Werror=format-security).
>>
>> [YOCTO #9551]
>>
>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>> ---
>>   meta/conf/distro/include/security_flags.inc        |   1 -
>>   .../unzip/unzip/fix-security-format.patch          | 139 
>> +++++++++++++++++++++
>>   meta/recipes-extended/unzip/unzip_6.0.bb           |   1 +
>>   3 files changed, 140 insertions(+), 1 deletion(-)
>>   create mode 100644 
>> meta/recipes-extended/unzip/unzip/fix-security-format.patch
>>
>> diff --git a/meta/conf/distro/include/security_flags.inc 
>> b/meta/conf/distro/include/security_flags.inc
>> index febedfa..fc4c581 100644
>> --- a/meta/conf/distro/include/security_flags.inc
>> +++ b/meta/conf/distro/include/security_flags.inc
>> @@ -104,7 +104,6 @@ SECURITY_STRINGFORMAT_pn-gcc = ""
>>   SECURITY_STRINGFORMAT_pn-gettext = ""
>>   SECURITY_STRINGFORMAT_pn-kexec-tools = ""
>>   SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
>> -SECURITY_STRINGFORMAT_pn-unzip = ""
>>     TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
>>   TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
>> diff --git 
>> a/meta/recipes-extended/unzip/unzip/fix-security-format.patch 
>> b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
>> new file mode 100644
>> index 0000000..c82f502
>> --- /dev/null
>> +++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch
>> @@ -0,0 +1,139 @@
>> +unzip: Fixing security formatting issues
>> +
>> +Fix security formatting issues related to sprintf parameters expeted.
>> +
>> +[YOCTO #9551]
>> +[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
>> +
>> +Upstream-Status: Pending
>> +
>> +Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
>> +
>> +diff --git a/unzpriv.h b/unzpriv.h
>> +index c8d3eab..85e693a 100644
>> +--- a/unzpriv.h
>> ++++ b/unzpriv.h
>> +@@ -1006,7 +1006,7 @@
>> + #    define LoadFarStringSmall(x)   Qstrfix(x)
>> + #    define LoadFarStringSmall2(x)  Qstrfix(x)
>> + #  else
>> +-#    define LoadFarString(x)        (char *)(x)
>> ++#    define LoadFarString(x)        "%s",(char *)(x)
>> + #    define LoadFarStringSmall(x)   (char *)(x)
>> + #    define LoadFarStringSmall2(x)  (char *)(x)
>> + #  endif
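Review bot: Redefining `LoadFarString(x)` as `"%s",(char *)(x)` makes the macro expand to two comma-separated arguments, which changes behaviour at every use and not only at the ones the compiler warned about. Any printf-style call that passes `LoadFarString(...)` as its format together with further arguments would now print the format text literally and ignore those arguments, and a call to an unprototyped (K&R-style) function that the patch does not rewrite would silently receive a shifted argument list; whether such call sites exist is not visible from this hunk. It would be safer to leave the macro as `(char *)(x)` and add the literal format only where a message is passed with no arguments, writing `"%s", LoadFarString(X)` at those calls. The conditional starts outside the hunk, so the other definitions of LoadFarString cannot be checked from here.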
>> +diff --git a/fileio.c b/fileio.c
>> +index 36bfea3..ca779c2 100644
>> +--- a/fileio.c
>> ++++ b/fileio.c
>> +@@ -588,8 +588,8 @@ unsigned readbuf(__G__ buf, size)   /* return 
>> number of bytes read into buf */
>> +             else if (G.incnt < 0) {
>> +                 /* another hack, but no real harm copying same 
>> thing twice */
>> +                 (*G.message)((zvoid *)&G,
>> +-                  (uch *)LoadFarString(ReadError),  /* CANNOT use 
>> slide */
>> +-                  (ulg)strlen(LoadFarString(ReadError)), 0x401);
>> ++                  (uch *)(char*)(ReadError),  /* CANNOT use slide */
>> ++                  (ulg)strlen((char*)(ReadError)), 0x401);
>> +                 return 0;  /* discarding some data; better than 
>> lock-up */
>> +             }
>> +             /* buffer ALWAYS starts on a block boundary:  */
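Review bot: Replacing `LoadFarString(ReadError)` with `(char*)(ReadError)` hard-codes the plain-pointer expansion and bypasses the macro on every configuration; the unzpriv.h context in this patch shows the sibling macros expanding to `Qstrfix(x)` in another branch, so builds that take that branch presumably need the indirection. The same substitution is repeated in the readbyte, UzpMessagePrnt and do_string hunks and in the unzip.c and zipinfo.c hunks. These rewrites are only needed because the macro no longer expands to a single expression; if it stays `(char *)(x)`, the original `(ulg)strlen(LoadFarString(ReadError))` lines can remain untouched. The bodies of readbuf and the other functions continue outside the hunks.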
>> +@@ -631,8 +631,8 @@ int readbyte(__G)   /* refill inbuf and return a 
>> byte if available, else EOF */
>> +         } else if (G.incnt < 0) {  /* "fail" (abort, retry, ...) 
>> returns this */
>> +             /* another hack, but no real harm copying same thing 
>> twice */
>> +             (*G.message)((zvoid *)&G,
>> +-              (uch *)LoadFarString(ReadError),
>> +-              (ulg)strlen(LoadFarString(ReadError)), 0x401);
>> ++              (uch *)(char*)(ReadError),
>> ++              (ulg)strlen((char*)(ReadError)), 0x401);
>> +             echon();
>> + #ifdef WINDLL
>> +             longjmp(dll_error_return, 1);
>> +@@ -1356,7 +1356,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
>> +                 ++((Uz_Globs *)pG)->lines;
>> +                 if (((Uz_Globs *)pG)->lines >= ((Uz_Globs 
>> *)pG)->height)
>> +                     (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
>> +-                      LoadFarString(MorePrompt), 1);
>> ++                      (char*)(MorePrompt), 1);
>> +             }
>> + #endif /* MORE */
>> +             if (MSG_STDERR(flag) && ((Uz_Globs *)pG)->UzO.tflag &&
>> +@@ -1416,7 +1416,7 @@ int UZ_EXP UzpMessagePrnt(pG, buf, size, flag)
>> +                     ((Uz_Globs *)pG)->sol = TRUE;
>> +                     q = p + 1;
>> +                     (*((Uz_Globs *)pG)->mpause)((zvoid *)pG,
>> +-                      LoadFarString(MorePrompt), 1);
>> ++                      (char*)(MorePrompt), 1);
>> +                 }
>> +             }
>> +             INCSTR(p);
>> +@@ -2176,7 +2176,7 @@ int do_string(__G__ length, option)   /* 
>> return PK-type error code */
>> +                     (*G.message)((zvoid *)&G, slide, 
>> (ulg)(q-slide), 0);
>> +                     q = slide;
>> +                     if (pause && G.extract_flag) /* don't pause for 
>> list/test */
>> +-                        (*G.mpause)((zvoid *)&G, 
>> LoadFarString(QuitPrompt), 0);
>> ++                        (*G.mpause)((zvoid *)&G, 
>> (char*)(QuitPrompt), 0);
>> +                 }
>> +             }
>> +             (*G.message)((zvoid *)&G, slide, (ulg)(q-slide), 0);
>> +diff --git a/unzip.c b/unzip.c
>> +index 2d94a38..ca135af 100644
>> +--- a/unzip.c
>> ++++ b/unzip.c
>> +@@ -1079,7 +1079,7 @@ int unzip(__G__ argc, argv)
>> + #ifndef _WIN32_WCE /* Win CE does not support environment variables */
>> +         if ((error = envargs(&argc, &argv, 
>> LoadFarStringSmall(EnvZipInfo),
>> + LoadFarStringSmall2(EnvZipInfo2))) != PK_OK)
>> +-            perror(LoadFarString(NoMemEnvArguments));
>> ++            perror((char*)(NoMemEnvArguments));
>> + #endif
>> +     } else
>> + #endif /* !NO_ZIPINFO */
>> +@@ -1088,7 +1088,7 @@ int unzip(__G__ argc, argv)
>> + #ifndef _WIN32_WCE /* Win CE does not support environment variables */
>> +         if ((error = envargs(&argc, &argv, 
>> LoadFarStringSmall(EnvUnZip),
>> +                              LoadFarStringSmall2(EnvUnZip2))) != 
>> PK_OK)
>> +-            perror(LoadFarString(NoMemEnvArguments));
>> ++            perror((char*)(NoMemEnvArguments));
>> + #endif
>> +     }
>> +
>> +diff --git a/zipinfo.c b/zipinfo.c
>> +index 0ac75b3..8a0887c 100644
>> +--- a/zipinfo.c
>> ++++ b/zipinfo.c
>> +@@ -1640,14 +1640,14 @@ static int zi_long(__G__ pEndprev, 
>> error_in_archive)
>> +
>> +                         *types = '\0';
>> +                         if (*ef_ptr & 1) {
>> +-                            strcpy(types, 
>> LoadFarString(UTmodification));
>> ++                            strcpy(types, (char*)(UTmodification));
>> +                             ++num;
>> +                         }
>> +                         if (*ef_ptr & 2) {
>> +                             len = strlen(types);
>> +                             if (num)
>> +                                 types[len++] = '/';
>> +-                            strcpy(types+len, 
>> LoadFarString(UTaccess));
>> ++                            strcpy(types+len, (char*)(UTaccess));
>> +                             ++num;
>> +                             if (*pEndprev > 0L)
>> +                                 *pEndprev += 4L;
>> +@@ -1656,7 +1656,7 @@ static int zi_long(__G__ pEndprev, 
>> error_in_archive)
>> +                             len = strlen(types);
>> +                             if (num)
>> +                                 types[len++] = '/';
>> +-                            strcpy(types+len, 
>> LoadFarString(UTcreation));
>> ++                            strcpy(types+len, (char *)(UTcreation));
>> +                             ++num;
>> +                             if (*pEndprev > 0L)
>> +                                 *pEndprev += 4L;
>> +@@ -2331,7 +2331,7 @@ static char *zi_time(__G__ datetimez, 
>> modtimez, d_t_str)
>> +             /* time conversion error in verbose listing format,
>> +              * return string with '?' instead of data
>> +              */
>> +-            return (strcpy(d_t_str, 
>> LoadFarString(lngYMDHMSTimeError)));
>> ++            return (strcpy(d_t_str, (char*)(lngYMDHMSTimeError)));
>> +     } else
>> +         t = (struct tm *)NULL;
>> +     if (t != (struct tm *)NULL) {
>> +
>> diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb 
>> b/meta/recipes-extended/unzip/unzip_6.0.bb
>> index 2397606..547379c 100644
>> --- a/meta/recipes-extended/unzip/unzip_6.0.bb
>> +++ b/meta/recipes-extended/unzip/unzip_6.0.bb
>> @@ -16,6 +16,7 @@ SRC_URI = 
>> "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
>>       file://11-cve-2014-8141-getzip64data.patch \
>>       file://CVE-2015-7696.patch \
>>       file://CVE-2015-7697.patch \
>> +        file://fix-security-format.patch \
>>   "
>>     SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
>




Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-27 20:29 [PATCH v1] unzip: fix security issues Edwin Plauchu
2016-05-30 15:37 ` Plauchu Edwin
2016-05-30 21:42   ` Richard Purdie
2016-06-07 21:49   ` Plauchu Edwin [this message]
2016-06-08 13:30     ` Burton, Ross
