- fix C warnings

- split patches
- make portlint happier
Dirk Meyer 2017-02-11 08:00:51 +00:00
parent a4dda6684a
commit 4d6ca0e17d
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=433839
19 changed files with 707 additions and 317 deletions


@ -3,7 +3,7 @@
PORTNAME= lha
PORTVERSION= 1.14i
PORTREVISION= 6
PORTREVISION= 7
CATEGORIES= archivers
MASTER_SITES= http://www2m.biglobe.ne.jp/~dolphin/lha/prog/
DISTNAME= ${PORTNAME}-${PORTVERSION:S/.//}


@ -1,5 +1,5 @@
--- Makefile.orig Fri Dec 15 14:13:16 2000
+++ Makefile Sun Jul 21 17:24:46 2002
--- Makefile.orig 2000-12-15 12:13:16 UTC
+++ Makefile
@@ -10,28 +10,36 @@
# SWITCHES macro definitions ... see config.eng or config.jpn.
#-----------------------------------------------------------------------


@ -1,196 +0,0 @@
diff -urNp src/lha_macro.h.orig lha-114i/src/lha_macro.h
--- src/lha_macro.h.orig 2004-08-03 15:53:56.000000000 -0500
+++ src/lha_macro.h 2004-08-03 15:54:05.000000000 -0500
@@ -53,7 +53,7 @@
#define SEEK_SET 0
#define SEEK_CUR 1
#define SEEK_END 2
-#endif /* SEEK_SET
+#endif /* SEEK_SET */
/* non-integral functions */
diff -urNp src/lharc.c.orig lha-114i/src/lharc.c
--- src/lharc.c.orig 2004-08-03 15:53:56.000000000 -0500
+++ src/lharc.c 2004-08-03 15:54:05.000000000 -0500
@@ -830,9 +830,10 @@ find_files(name, v_filec, v_filev)
DIRENTRY *dp;
struct stat tmp_stbuf, arc_stbuf, fil_stbuf;
- strcpy(newname, name);
+ strncpy(newname, name, sizeof(newname));
+ newname[sizeof(newname)-1] = 0;
len = strlen(name);
- if (len > 0 && newname[len - 1] != '/')
+ if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1))
newname[len++] = '/';
dirp = opendir(name);
@@ -846,6 +847,11 @@ find_files(name, v_filec, v_filev)
for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
n = NAMLEN(dp);
+ if (len >= (sizeof(newname)-1) ||
+ (len+n) >= (sizeof(newname)-1) ||
+ n <= 0 ||
+ (len+n) <= 0)
+ break;
strncpy(newname + len, dp->d_name, n);
newname[len + n] = '\0';
if (GETSTAT(newname, &fil_stbuf) < 0)
@@ -903,7 +909,8 @@ build_temporary_name()
strcpy(temporary_name, TMP_FILENAME_TEMPLATE);
}
else {
- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory);
+ snprintf(temporary_name, sizeof(temporary_name),
+ "%s/lhXXXXXX", extract_directory);
}
#ifdef MKSTEMP
mkstemp(temporary_name);
@@ -913,10 +920,16 @@ build_temporary_name()
#else
char *p, *s;
- strcpy(temporary_name, archive_name);
+ strncpy(temporary_name, archive_name, sizeof(temporary_name));
+ temporary_name[sizeof(temporary_name)-1] = 0;
for (p = temporary_name, s = (char *) 0; *p; p++)
if (*p == '/')
s = p;
+
+ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1
+ <= strlen("lhXXXXXX"))
+ exit(-1);
+
strcpy((s ? s + 1 : temporary_name), "lhXXXXXX");
#ifdef MKSTEMP
mkstemp(temporary_name);
@@ -1052,7 +1065,8 @@ open_old_archive()
if (open_old_archive_1(archive_name, &fp))
return fp;
- sprintf(expanded_archive_name, "%s.lzh", archive_name);
+ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+ "%s.lzh", archive_name);
if (open_old_archive_1(expanded_archive_name, &fp)) {
archive_name = expanded_archive_name;
return fp;
@@ -1061,7 +1075,8 @@ open_old_archive()
* if ( (errno&0xffff)!=E_PNNF ) { archive_name =
* expanded_archive_name; return NULL; }
*/
- sprintf(expanded_archive_name, "%s.lzs", archive_name);
+ snprintf(expanded_archive_name, sizeof(expanded_archive_name),
+ "%s.lzs", archive_name);
if (open_old_archive_1(expanded_archive_name, &fp)) {
archive_name = expanded_archive_name;
return fp;
diff -urNp src/lhext.c.orig lha-114i/src/lhext.c
--- src/lhext.c.orig 2004-08-03 15:53:56.000000000 -0500
+++ src/lhext.c 2004-08-03 15:55:40.000000000 -0500
@@ -82,7 +82,8 @@ make_parent_path(name)
register char *p;
/* make parent directory name into PATH for recursive call */
- strcpy(path, name);
+ memset(path, 0, sizeof(path));
+ strncpy(path, name, sizeof(path)-1);
for (p = path + strlen(path); p > path; p--)
if (p[-1] == '/') {
*--p = '\0';
@@ -212,9 +213,11 @@ extract_one(afp, hdr)
}
if (extract_directory)
- sprintf(name, "%s/%s", extract_directory, q);
- else
- strcpy(name, q);
+ snprintf(name, sizeof(name), "%s/%s", extract_directory, q);
+ else {
+ strncpy(name, q, sizeof(name));
+ name[sizeof(name) - 1] = '\0';
+ }
/* LZHDIRS_METHOD<4F><44><EFBFBD><EFBFBD><EFBFBD>ĥإå<D8A5><C3A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>å<EFBFBD><C3A5><EFBFBD><EFBFBD><EFBFBD> */
@@ -335,7 +338,8 @@ extract_one(afp, hdr)
if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_SYMLINK) {
char buf[256], *bb1, *bb2;
int l_code;
- strcpy(buf, name);
+ strncpy(buf, name, sizeof(buf));
+ buf[sizeof(buf)-1] = 0;
bb1 = strtok(buf, "|");
bb2 = strtok(NULL, "|");
@@ -365,9 +369,10 @@ extract_one(afp, hdr)
if (quiet != TRUE) {
printf("Symbolic Link %s -> %s\n", bb1, bb2);
}
- strcpy(name, bb1); /* Symbolic's name set */
+ strncpy(name, bb1, 255); /* Symbolic's name set */
+ name[255] = 0;
#else
- sprintf(buf, "%s -> %s", bb1, bb2);
+ snprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2);
warning("Can't make Symbolic Link", buf);
return;
#endif
diff -urNp src/lhlist.c.orig lha-114i/src/lhlist.c
--- src/lhlist.c.orig 2004-08-03 15:53:56.000000000 -0500
+++ src/lhlist.c 2004-08-03 15:54:05.000000000 -0500
@@ -250,7 +250,8 @@ list_one(hdr)
printf(" %s", hdr->name);
else {
char buf[256], *b1, *b2;
- strcpy(buf, hdr->name);
+ strncpy(buf, hdr->name, sizeof(buf));
+ buf[sizeof(buf)-1] = 0;
b1 = strtok(buf, "|");
b2 = strtok(NULL, "|");
printf(" %s -> %s", b1, b2);
diff -urNp src/util.c.orig lha-114i/src/util.c
--- src/util.c.orig 2004-08-03 15:53:56.000000000 -0500
+++ src/util.c 2004-08-03 15:54:05.000000000 -0500
@@ -276,21 +276,27 @@ rmdir(path)
char *path;
{
int stat, rtn = 0;
- char *cmdname;
- if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1))
- == 0)
+ pid_t child;
+
+
+ /* XXX thomas: shell meta chars in path could exec commands */
+ /* therefore we should avoid using system() */
+ if ((child = fork()) < 0)
+ return (-1); /* fork error */
+ else if (child) { /* parent process */
+ while (child != wait(&stat)) /* ignore signals */
+ continue;
+ }
+ else { /* child process */
+ execl(RMDIRPATH, "rmdir", path, (char *) 0);
+ /* never come here except execl is error */
return (-1);
- strcpy(cmdname, RMDIRPATH);
- *(cmdname + strlen(RMDIRPATH)) = ' ';
- strcpy(cmdname + strlen(RMDIRPATH) + 1, path);
- if ((stat = system(cmdname)) < 0)
- rtn = -1; /* fork or exec error */
- else if (stat) { /* RMDIR command error */
- errno = EIO;
- rtn = -1;
}
- free(cmdname);
- return (rtn);
+ if (stat != 0) {
+ errno = EIO; /* cannot get error num. */
+ return (-1);
+ }
+ return (0);
}
/* ------------------------------------------------------------------------ */


@ -0,0 +1,53 @@
--- src/crcio.c.orig 2000-10-04 14:57:38 UTC
+++ src/crcio.c
@@ -66,8 +66,7 @@ calccrc(p, n)
/* ------------------------------------------------------------------------ */
void
-fillbuf(n) /* Shift bitbuf n bits left, read n bits */
- unsigned char n;
+fillbuf(unsigned char n) /* Shift bitbuf n bits left, read n bits */
{
while (n > bitcount) {
n -= bitcount;
@@ -87,8 +86,7 @@ fillbuf(n) /* Shift bitbuf n bits left
/* ------------------------------------------------------------------------ */
unsigned short
-getbits(n)
- unsigned char n;
+getbits(unsigned char n)
{
unsigned short x;
@@ -99,9 +97,7 @@ getbits(n)
/* ------------------------------------------------------------------------ */
void
-putcode(n, x) /* Write rightmost n bits of x */
- unsigned char n;
- unsigned short x;
+putcode(unsigned char n, unsigned short x) /* Write rightmost n bits of x */
{
while (n >= bitcount) {
n -= bitcount;
@@ -126,9 +122,7 @@ putcode(n, x) /* Write rightmost n bit
/* ------------------------------------------------------------------------ */
void
-putbits(n, x) /* Write rightmost n bits of x */
- unsigned char n;
- unsigned short x;
+putbits(unsigned char n, unsigned short x) /* Write rightmost n bits of x */
{
x <<= USHRT_BIT - n;
while (n >= bitcount) {
@@ -308,7 +302,7 @@ fread_txt(p, n, fp)
c = '\r';
}
#ifdef EUC
- else if (euc_mode && (c == 0x8E || 0xA0 < c && c < 0xFF)) {
+ else if (euc_mode && (c == 0x8E || (0xA0 < c && c < 0xFF))) {
int d = fgetc(fp);
if (d == EOF) {
*p++ = c;


@ -1,20 +0,0 @@
--- src/header.c 2002-07-19 17:23:58.000000000 +0900
+++ src/header.c 2004-06-16 09:49:23.000000000 +0900
@@ -648,8 +648,17 @@
}
if (dir_length) {
+ if ((dir_length + name_length) >= sizeof(dirname)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
strcat(dirname, hdr->name);
- strcpy(hdr->name, dirname);
+
+ if ((dir_length + name_length) >= sizeof(hdr->name)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
+ strncpy(hdr->name, dirname, sizeof(hdr->name));
name_length += dir_length;
}


@ -0,0 +1,80 @@
--- src/header.c.orig 2000-10-05 17:36:03 UTC
+++ src/header.c
@@ -320,8 +320,8 @@ generic_to_unix_stamp(t)
dostm.tm_min = t >> 5 & 0x3f;
dostm.tm_hour = t >> 11 & 0x1f;
dostm.tm_mday = t >> 16 & 0x1f;
- dostm.tm_mon = (t >> 16 + 5 & 0x0f) - 1; /* 0..11 */
- dostm.tm_year = (t >> 16 + 9 & 0x7f) + 80;
+ dostm.tm_mon = (t >> (16 + 5) & 0x0f) - 1; /* 0..11 */
+ dostm.tm_year = (t >> (16 + 9) & 0x7f) + 80;
#if 0
dostm.tm_isdst = 0; /* correct? */
#endif
@@ -538,6 +538,10 @@ get_header(fp, hdr)
/*
* filename
*/
+ if (header_size >= 256) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
+ exit(109);
+ }
for (i = 0; i < header_size - 3; i++)
hdr->name[i] = (char) get_byte();
hdr->name[header_size - 3] = '\0';
@@ -547,6 +551,10 @@ get_header(fp, hdr)
/*
* directory
*/
+ if (header_size >= FILENAME_LENGTH) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
+ exit(110);
+ }
for (i = 0; i < header_size - 3; i++)
dirname[i] = (char) get_byte();
dirname[header_size - 3] = '\0';
@@ -648,8 +656,16 @@ get_header(fp, hdr)
}
if (dir_length) {
+ if ((dir_length + name_length) >= sizeof(dirname)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
strcat(dirname, hdr->name);
- strcpy(hdr->name, dirname);
+ if ((dir_length + name_length) >= sizeof(hdr->name)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
+ strncpy(hdr->name, dirname, sizeof(hdr->name));
name_length += dir_length;
}
@@ -754,7 +770,7 @@ write_header(nafp, hdr)
convdelim(hdr->name, DELIM2);
if (hdr->header_level != HEADER_LEVEL2) {
- if (p = (char *) rindex(hdr->name, DELIM2))
+ if ((p = (char *) rindex(hdr->name, DELIM2)))
name_length = strlen(++p);
else
name_length = strlen(hdr->name);
@@ -812,7 +828,7 @@ write_header(nafp, hdr)
put_word(hdr->unix_gid);
put_word(hdr->unix_uid);
- if (p = (char *) rindex(hdr->name, DELIM2)) {
+ if ((p = (char *) rindex(hdr->name, DELIM2))) {
int i;
name_length = p - hdr->name + 1;
@@ -838,7 +854,7 @@ write_header(nafp, hdr)
data[I_HEADER_CHECKSUM] = calc_sum(data + I_METHOD, header_size);
} else { /* header level 2 */
int i;
- if (p = (char *) rindex(hdr->name, DELIM2))
+ if ((p = (char *) rindex(hdr->name, DELIM2)))
name_length = strlen(++p);
else {
p = hdr->name;
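Review bot: Both guards added in get_header bound `header_size` only from above, while the loops and the terminator index use `header_size - 3`. If `header_size` is a signed value read from the archive (its declaration and the read that sets it are outside these hunks), a size below 3 makes `hdr->name[header_size - 3] = '\0'` and the `dirname` equivalent write before the start of the array. The first guard also hard-codes 256 instead of the destination size. Suggest `if (header_size < 3 || header_size - 3 >= (int) sizeof(hdr->name)) {` for the filename case and the same form with `sizeof(dirname)` for the directory case.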


@ -0,0 +1,13 @@
--- src/huf.c.orig 2000-10-05 17:35:49 UTC
+++ src/huf.c
@@ -219,9 +219,7 @@ send_block( /* void */ )
/* ------------------------------------------------------------------------ */
void
-output_st1(c, p)
- unsigned short c;
- unsigned short p;
+output_st1(unsigned short c, unsigned short p)
{
static unsigned short cpos;


@ -1,7 +1,6 @@
diff -ru src.orig/lha.h src/lha.h
--- src.orig/lha.h Thu Oct 5 10:35:38 2000
+++ src/lha.h Sun May 11 00:31:53 2003
@@ -11,6 +11,7 @@
--- src/lha.h.orig 2000-10-05 17:35:38 UTC
+++ src/lha.h
@@ -11,11 +11,14 @@
lharc.h interface.h slidehuf.h
*/
#include <stdio.h>
@ -9,3 +8,255 @@ diff -ru src.orig/lha.h src/lha.h
#include <errno.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/file.h>
#include <sys/stat.h>
+#include <unistd.h>
+#include <utime.h>
#include <signal.h>
@@ -135,6 +138,7 @@ EXTERN char temporary_name[FILENAME_
EXTERN char backup_archive_name[FILENAME_LENGTH];
EXTERN char *reading_filename, *writting_filename;
+EXTERN char *extract_directory;
/* 1996.8.13 t.okamoto */
#if 0
@@ -191,128 +195,147 @@ EXTERN FILE *temporary_fp;
/* ------------------------------------------------------------------------ */
/* Functions */
/* ------------------------------------------------------------------------ */
+
+/* from patmatch.c */
+extern int patmatch(register char *p, register char *s, int f);
+
+
/* from lharc.c */
-extern int patmatch();
+extern void message(char *subject, char *name);
+extern void warning(char *subject, char *name);
+extern void error(char *subject, char *msg);
+extern void fatal_error(char *msg);
-extern void interrupt();
+extern void interrupt(int signo);
-extern void message();
-extern void warning();
-extern void error();
-extern void fatal_error();
+extern void init_sp(struct string_pool *sp);
+extern void add_sp(struct string_pool *sp, char *name, int len);
+extern void finish_sp(register struct string_pool *sp, int *v_count, char ***v_vector);
+extern void free_sp(char **vector);
-extern boolean need_file();
-extern int inquire();
-extern FILE *xfopen();
+extern void cleaning_files(int *v_filec, char ***v_filev);
+extern boolean find_files(char *name, int *v_filec, char ***v_filev);
+extern void free_files(int filec, char **filev);
-extern boolean find_files();
-extern void free_files();
+extern void build_temporary_name(void);
+extern void build_backup_name(char *buffer, char *original);
+extern void build_standard_archive_name(char *buffer, char *original);
+extern boolean need_file(char *name);
+extern FILE *xfopen(char *name, char *mode);
+extern FILE *open_old_archive(void);
-extern void init_sp();
-extern void add_sp();
-extern void finish_sp();
-extern void free_sp();
-extern void cleaning_files();
+extern int inquire(char *msg, char *name, char *selective);
+extern void write_archive_tail(FILE *nafp);
+extern void copy_old_one(FILE *oafp, FILE *nafp, LzHeader *hdr);
-extern void build_temporary_name();
-extern void build_backup_file_name();
-extern void build_standard_archive_name();
-extern FILE *open_old_archive();
-extern void init_header();
-extern boolean get_header();
-extern boolean archive_is_msdos_sfx1();
-extern boolean skip_msdos_sfx1_code();
-extern void write_header();
-extern void write_archive_tail();
-extern void copy_old_one();
-extern unsigned char *convdelim();
-extern long copyfile();
+/* from header.c */
+extern int calc_sum(register char *p, register int len);
+extern boolean get_header(FILE *fp, register LzHeader *hdr);
+extern void init_header(char *name, struct stat *v_stat, LzHeader *hdr);
+extern void write_header(FILE *nafp, LzHeader *hdr);
-extern void cmd_list(), cmd_extract(), cmd_add(), cmd_delete();
-extern boolean ignore_directory;
-extern boolean compress_method;
-extern boolean verify_mode;
+/* from util.c */
+extern long copyfile(FILE *f1, FILE *f2, long size, int crc_flg);
+extern int encode_stored_crc(FILE *ifp, FILE *ofp, long size, long *original_size_var, long *write_size_var);
+extern unsigned char *convdelim(unsigned char *path, unsigned char delim);
+extern boolean archive_is_msdos_sfx1(char *name);
+extern boolean skip_msdos_sfx1_code(FILE *fp);
+
+
+/* from lhlist.c */
+extern void cmd_list(void);
+
+
+/* from lhext.c */
+extern void cmd_extract(void);
+extern int is_directory_traversal(char *string);
+
+
+/* from extrac.c */
+extern int decode_lzhuf(FILE *infp, FILE *outfp, long original_size, long packed_size, char *name, int method);
-extern char *extract_directory;
/* from slide.c */
+extern int encode_alloc(int method);
+extern void encode(struct interfacing *interface);
+extern void decode(struct interfacing *interface);
-extern int encode_alloc();
-extern void encode();
-extern void decode();
/* from append.c */
-extern void start_indicator();
-extern void finish_indicator();
-extern void finish_indicator2();
+extern int encode_lzhuf(FILE *infp, FILE *outfp, long size, long *original_size_var, long *packed_size_var, char *name, char *hdr_method);
+extern void start_indicator(char *name, long size, char *msg, long def_indicator_threshold);
+extern void finish_indicator2(char *name, char *msg, int pcnt);
+extern void finish_indicator(char *name, char *msg);
+
+
+/* from huf.c */
+extern void output_st1(unsigned short c, unsigned short p);
+extern unsigned char *alloc_buf(void);
+extern void encode_start_st1(void);
+extern void encode_end_st1(void);
+extern unsigned short decode_c_st1(void);
+extern unsigned short decode_p_st1(void);
+extern void decode_start_st1(void);
-/* slide.c */
-extern void output_st1();
-extern unsigned char *alloc_buf();
-extern void encode_start_st1();
-extern void encode_end_st1();
-extern unsigned short decode_c_st1();
-extern unsigned short decode_p_st1();
-extern void decode_start_st1();
/* from shuf.c */
-extern void decode_start_st0();
-extern void encode_p_st0( /* unsigned short j */ );
-extern void encode_start_fix();
-extern void decode_start_fix();
-extern unsigned short decode_c_st0();
-extern unsigned short decode_p_st0();
+extern void decode_start_st0(void);
+extern void encode_p_st0(unsigned short j);
+extern void encode_start_fix(void);
+extern void decode_start_fix(void);
+extern unsigned short decode_c_st0(void);
+extern unsigned short decode_p_st0(void);
+
/* from dhuf.c */
-extern void start_c_dyn();
-extern void decode_start_dyn();
-extern unsigned short decode_c_dyn();
-extern unsigned short decode_p_dyn();
-extern void output_dyn( /* int code, unsigned int pos */ );
-extern void encode_end_dyn();
+extern void start_c_dyn(void);
+extern void decode_start_dyn(void);
+extern unsigned short decode_c_dyn(void);
+extern unsigned short decode_p_dyn(void);
+extern void output_dyn(unsigned int code, unsigned int pos);
+extern void encode_end_dyn(void);
-extern int decode_lzhuf();
/* from larc.c */
-
-extern unsigned short decode_c_lzs();
-extern unsigned short decode_p_lzs();
-extern unsigned short decode_c_lz5();
-extern unsigned short decode_p_lz5();
-extern void decode_start_lzs();
-extern void decode_start_lz5();
+extern unsigned short decode_c_lzs(void);
+extern unsigned short decode_p_lzs(void);
+extern void decode_start_lzs(void);
+extern unsigned short decode_c_lz5(void);
+extern unsigned short decode_p_lz5(void);
+extern void decode_start_lz5(void);
extern void make_table( /* int nchar, uchar bitlen[], int tablebits,
ushort table[] */ );
/* from maketree.c */
-/*
- * void make_code(short n, uchar len[], ushort code[]); short make_tree(short
- * nparm, ushort freqparm[], uchar lenparm[], ushort codeparam[]);
- */
-extern void make_code( /* int n, uchar len[], ushort code[] */ );
-extern short make_tree( /* int nparm, ushort freqparm[], uchar lenparm[],
- ushort codeparam[] */ );
+extern void make_code(int n, unsigned char len[], unsigned short code[]);
+extern short make_tree(int nparm, unsigned short freqparm[], unsigned char lenparm[], unsigned short codeparam[]);
+
/* from crcio.c */
-extern void make_crctable();
-extern unsigned short calccrc( /* uchar *p, uint n */ );
-extern void fillbuf( /* uchar n */ );
-extern unsigned short getbits( /* uchar n */ );
-extern void putcode( /* uchar n, ushort x */ );
-extern void putbits( /* uchar n, ushort x */ );
-extern int fread_crc( /* uchar *p, int n, FILE *f */ );
-extern void fwrite_crc( /* uchar *p, int n, FILE *f */ );
-extern void init_getbits();
-extern void init_putbits();
-extern void make_crctable();
-extern unsigned short calccrc();
+extern void make_crctable(void);
+extern unsigned short calccrc(unsigned char *p, unsigned int n);
+extern void fillbuf(unsigned char n);
+extern unsigned short getbits(unsigned char n);
+extern void putcode(unsigned char n, unsigned short x);
+extern void putbits(unsigned char n, unsigned short x);
+extern int fread_crc(unsigned char *p, int n, FILE *f);
+extern void fwrite_crc(unsigned char *p, int n, FILE *f);
+extern void init_code_cache(void);
+extern void init_getbits(void);
+extern void init_putbits(void);
+extern int fwrite_txt(unsigned char *p, int n, FILE *fp);
+extern int fread_txt(unsigned char *p, int n, FILE *fp);
+extern unsigned short calc_header_crc(unsigned char *p, unsigned int n);
+
/* from lhadd.c */
-extern int encode_lzhuf();
-extern int encode_stored_crc();
+extern void cmd_add(void);
+extern void cmd_delete(void);
+extern int strcmp_filename(char *str1, char *str2);
+
/* Local Variables: */
/* mode:c */
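Review bot: `make_table` is the one declaration in this block left in the old unprototyped form, `extern void make_table( /* int nchar, uchar bitlen[], int tablebits, ushort table[] */ );`, so calls to it are still not type-checked while its neighbours now are. If the definition matches the commented parameter list (the definition is not on this page), declare it as `extern void make_table(int nchar, unsigned char bitlen[], int tablebits, unsigned short table[]);`. Worth confirming as well that `output_dyn(unsigned int code, unsigned int pos)` agrees with its definition, since the comment it replaces gave `int code`.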


@ -0,0 +1,22 @@
--- src/lha_macro.h.orig 2000-10-04 14:57:38 UTC
+++ src/lha_macro.h
@@ -53,9 +53,10 @@
#define SEEK_SET 0
#define SEEK_CUR 1
#define SEEK_END 2
-#endif /* SEEK_SET
+#endif /* SEEK_SET */
+#if 0
/* non-integral functions */
extern struct tm *localtime();
extern char *getenv();
@@ -69,6 +70,7 @@ extern char *realloc();
/* external variables */
extern int errno;
+#endif
#define FALSE 0
#define TRUE 1


@ -1,6 +1,29 @@
--- src/lhadd.c.orig Mon Jul 31 18:09:53 2000
+++ src/lhadd.c Mon Jul 31 18:14:20 2000
@@ -270,13 +270,35 @@
--- src/lhadd.c.orig 2000-10-04 14:57:38 UTC
+++ src/lhadd.c
@@ -75,7 +75,7 @@ add_one(fp, nafp, hdr)
/* ------------------------------------------------------------------------ */
-FILE *
+static FILE *
append_it(name, oafp, nafp)
char *name;
FILE *oafp, *nafp;
@@ -242,11 +242,12 @@ delete(oafp, nafp)
b2 = strtok(NULL, "|");
if (need_file(b1)) { /* skip */
fseek(oafp, ahdr.packed_size, SEEK_CUR);
- if (noexec || !quiet)
+ if (noexec || !quiet) {
if (b2 != NULL)
printf("delete %s -> %s\n", b1, b2);
else
printf("delete %s\n", b1);
+ }
}
else { /* copy */
if (noexec) {
@@ -270,13 +271,35 @@ build_temporary_file()
{
int old_umask;
FILE *afp;
@ -38,3 +61,11 @@
remove_temporary_at_error = TRUE;
temporary_fp = afp;
umask(old_umask);
@@ -340,6 +363,7 @@ temporary_to_new_archive_file(new_archiv
remove_temporary_at_error = FALSE;
}
#else
+void
temporary_to_new_archive_file(new_archive_size)
long new_archive_size;
{


@ -1,15 +1,15 @@
--- src/lharc.c.orig Sun May 7 00:05:29 2000
+++ src/lharc.c Fri Jul 28 19:35:31 2000
@@ -889,6 +889,7 @@
/* */
--- src/lharc.c.orig 2000-10-05 17:33:34 UTC
+++ src/lharc.c
@@ -894,6 +894,7 @@ free_files(filec, filev)
/* */
/* ------------------------------------------------------------------------ */
/* Build temporary file name and store to TEMPORARY_NAME */
+#if !defined(__NetBSD__) && !defined(__FreeBSD__) && !defined(__OpenBSD__)
void
build_temporary_name()
{
@@ -912,7 +913,7 @@
mktemp(temporary_name);
@@ -925,7 +926,7 @@ build_temporary_name()
#endif
#endif
}
-
@ -17,3 +17,12 @@
/* ------------------------------------------------------------------------ */
static void
modify_filename_extention(buffer, ext)
@@ -1038,7 +1039,7 @@ open_old_archive()
else
return NULL;
}
- if (p = (char *) rindex(archive_name, '.')) {
+ if ((p = (char *) rindex(archive_name, '.'))) {
if (strucmp(".LZH", p) == 0
|| strucmp(".LZS", p) == 0
|| strucmp(".COM", p) == 0 /* DOS SFX */
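Review bot: The bounded-copy hunks that the removed combined patch applied to lharc.c are missing from this per-file patch, which ends with the `rindex` parenthesis fix in open_old_archive. Gone are the `strncpy` and length checks on `newname` in find_files and the `snprintf(expanded_archive_name, sizeof(expanded_archive_name), ...)` calls in open_old_archive. The new lhext.c patch likewise lacks the bounded copies the old patch made in make_parent_path and extract_one. Unless those hunks are applied from somewhere this page does not show, the unbounded `strcpy`/`sprintf` calls on archive-supplied and command-line names are back. They should be re-added to the split patches, for example `snprintf(expanded_archive_name, sizeof(expanded_archive_name), "%s.lzh", archive_name);`.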


@ -0,0 +1,12 @@
--- src/lhdir.h.orig 2000-10-04 14:57:38 UTC
+++ src/lhdir.h
@@ -30,6 +30,6 @@ typedef struct {
/* ------------------------------------------------------------------------ */
/* Functions */
/* ------------------------------------------------------------------------ */
-extern DIR *opendir();
-extern struct direct *readdir();
-extern int closedir();
+extern DIR *opendir(char *name);
+extern struct direct *readdir(register DIR *dirp);
+extern int closedir(DIR *dirp);


@ -0,0 +1,84 @@
--- src/lhext.c.orig 2000-10-04 14:57:38 UTC
+++ src/lhext.c
@@ -143,13 +143,13 @@ adjust_info(name, hdr)
char *name;
LzHeader *hdr;
{
- time_t utimebuf[2];
+ struct utimbuf utimebuf;
/* adjust file stamp */
- utimebuf[0] = utimebuf[1] = hdr->unix_last_modified_stamp;
+ utimebuf.actime = utimebuf.modtime = hdr->unix_last_modified_stamp;
if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) != UNIX_FILE_SYMLINK)
- utime(name, utimebuf);
+ utime(name, &utimebuf);
if (hdr->extend_type == EXTEND_UNIX
|| hdr->extend_type == EXTEND_OS68K
@@ -190,8 +190,13 @@ extract_one(afp, hdr)
q = (char *) rindex(hdr->name, '/') + 1;
}
else {
+ if (is_directory_traversal(q)) {
+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
+ exit(111);
+ }
+
if (*q == '/') {
- q++;
+ while (*q == '/') { q++; }
/*
* if OSK then strip device name
*/
@@ -351,10 +356,13 @@ extract_one(afp, hdr)
}
unlink(bb1);
+ make_parent_path(bb1);
l_code = symlink(bb2, bb1);
if (l_code < 0) {
- if (quiet != TRUE)
- warning("Can't make Symbolic Link : ");
+ if (quiet != TRUE) {
+ sprintf(buf, "%s -> %s", bb1, bb2);
+ warning("Can't make Symbolic Link : ", buf);
+ }
}
if (quiet != TRUE) {
printf("Symbolic Link %s -> %s\n", bb1, bb2);
@@ -419,6 +427,33 @@ cmd_extract()
return;
}
+int
+is_directory_traversal(char *string)
+{
+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
+ char *temp;
+
+ temp = string;
+
+ while (*temp != 0) {
+ if (temp[0] == '/') {
+ if (type == 1) { return 1; }
+ type = 0;
+ temp++;
+ continue;
+ }
+
+ if ((temp[0] == '.') && (type < 2))
+ type = 1;
+ if (temp[0] != '.')
+ type = 2;
+
+ temp++;
+ } /* while */
+
+ return (type == 1);
+}
+
/* Local Variables: */
/* mode:c */
/* tab-width:4 */
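Review bot: The added `sprintf(buf, "%s -> %s", bb1, bb2);` in the symlink-failure branch of extract_one writes into the buffer its own arguments point into. The removed combined patch on this page shows `bb1` and `bb2` coming from `strtok(buf, "|")`, so source and destination overlap, which is undefined behaviour, and the following `printf` and the later copy of `bb1` into `name` would read the overwritten text. The write is also unbounded for the 256-byte `buf`, and `bb2` is NULL when the name has no `|`. Format into a separate array instead: `char msg[sizeof(buf) + 8];`, `snprintf(msg, sizeof(msg), "%s -> %s", bb1, bb2 ? bb2 : "");`, `warning("Can't make Symbolic Link : ", msg);`. extract_one begins and ends outside the hunk.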


@ -0,0 +1,46 @@
--- src/lhlist.c.orig 2000-10-04 14:57:38 UTC
+++ src/lhlist.c
@@ -28,9 +28,9 @@ print_size(packed_size, original_size)
long packed_size, original_size;
{
if (verbose_listing)
- printf("%7d ", packed_size);
+ printf("%7ld ", packed_size);
- printf("%7d ", original_size);
+ printf("%7ld ", original_size);
if (original_size == 0L)
printf("******");
@@ -236,25 +236,28 @@ list_one(hdr)
print_size(hdr->packed_size, hdr->original_size);
- if (verbose_listing)
+ if (verbose_listing) {
if (hdr->has_crc)
printf(" %s %04x", method, hdr->crc);
else
printf(" %s ****", method);
+ }
printf(" ");
print_stamp(hdr->unix_last_modified_stamp);
- if (!verbose)
+ if (!verbose) {
if ((mode & UNIX_FILE_SYMLINK) != UNIX_FILE_SYMLINK)
printf(" %s", hdr->name);
else {
char buf[256], *b1, *b2;
- strcpy(buf, hdr->name);
+ strncpy(buf, hdr->name, sizeof(buf));
+ buf[sizeof(buf)-1] = 0;
b1 = strtok(buf, "|");
b2 = strtok(NULL, "|");
printf(" %s -> %s", b1, b2);
}
+ }
if (verbose)
printf(" [%d]", hdr->header_level);
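Review bot: `b1` and `b2` go straight from `strtok` into `printf(" %s -> %s", b1, b2);`, and `strtok` returns NULL when the stored name has no `|` separator or is empty. A symlink entry with a malformed name therefore passes a null pointer to `%s`. Since `hdr->name` comes from the archive, guard the call, e.g. `printf(" %s -> %s", b1 ? b1 : "", b2 ? b2 : "");`. list_one starts and ends outside the hunk.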


@ -0,0 +1,11 @@
--- src/patmatch.c.orig 2000-10-04 14:57:38 UTC
+++ src/patmatch.c
@@ -20,7 +20,7 @@ patmatch(p, s, f)
{
char pc; /* a single character from pattern */
- while (pc = ((f && islower(*p)) ? toupper(*p++) : *p++)) {
+ while ((pc = ((f && islower(*p)) ? toupper(*p++) : *p++))) {
if (pc == '*') {
do { /* look for match till s exhausted */
if (patmatch(p, s, f))
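Review bot: `islower(*p)` and `toupper(*p++)` on the rewritten `while` line receive a plain `char`, which is undefined for bytes with the high bit set on platforms where `char` is signed. Patterns may well hold such bytes, given that the port has an EUC mode in crcio.c. Cast at the call sites: `while ((pc = ((f && islower((unsigned char) *p)) ? toupper((unsigned char) *p++) : *p++))) {`. patmatch's body continues outside the hunk.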


@ -0,0 +1,12 @@
--- src/shuf.c.orig 2000-10-04 14:57:38 UTC
+++ src/shuf.c
@@ -38,8 +38,7 @@ decode_start_st0( /*void*/ )
/* ------------------------------------------------------------------------ */
void
-encode_p_st0(j)
- unsigned short j;
+encode_p_st0(unsigned short j)
{
unsigned short i;


@ -1,10 +0,0 @@
--- src/lhext.c.symlink 2000-10-04 10:57:38.000000000 -0400
+++ src/lhext.c 2003-05-19 22:55:57.000000000 -0400
@@ -351,6 +351,7 @@ extract_one(afp, hdr)
}
unlink(bb1);
+ make_parent_path(bb1);
l_code = symlink(bb2, bb1);
if (l_code < 0) {
if (quiet != TRUE)


@ -1,75 +0,0 @@
--- src/header.c.old 2000-10-05 19:36:03.000000000 +0200
+++ src/header.c 2004-04-17 23:55:54.000000000 +0200
@@ -538,6 +538,10 @@
/*
* filename
*/
+ if (header_size >= 256) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
+ exit(109);
+ }
for (i = 0; i < header_size - 3; i++)
hdr->name[i] = (char) get_byte();
hdr->name[header_size - 3] = '\0';
@@ -547,6 +551,10 @@
/*
* directory
*/
+ if (header_size >= FILENAME_LENGTH) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
+ exit(110);
+ }
for (i = 0; i < header_size - 3; i++)
dirname[i] = (char) get_byte();
dirname[header_size - 3] = '\0';
--- src/lhext.c.old 2000-10-04 16:57:38.000000000 +0200
+++ src/lhext.c 2004-04-18 01:27:44.000000000 +0200
@@ -190,8 +190,13 @@
q = (char *) rindex(hdr->name, '/') + 1;
}
else {
+ if (is_directory_traversal(q)) {
+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q);
+ exit(111);
+ }
+
if (*q == '/') {
- q++;
+ while (*q == '/') { q++; }
/*
* if OSK then strip device name
*/
@@ -419,6 +424,33 @@
return;
}
+int
+is_directory_traversal(char *string)
+{
+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */
+ char *temp;
+
+ temp = string;
+
+ while (*temp != 0) {
+ if (temp[0] == '/') {
+ if (type == 1) { return 1; }
+ type = 0;
+ temp++;
+ continue;
+ }
+
+ if ((temp[0] == '.') && (type < 2))
+ type = 1;
+ if (temp[0] != '.')
+ type = 2;
+
+ temp++;
+ } /* while */
+
+ return (type == 1);
+}
+
/* Local Variables: */
/* mode:c */
/* tab-width:4 */


@ -0,0 +1,67 @@
--- src/util.c.orig 2000-10-04 14:57:38 UTC
+++ src/util.c
@@ -28,10 +28,10 @@ copyfile(f1, f2, size, crc_flg) /* retur
* append */
{
unsigned short xsize;
- char *buf;
+ unsigned char *buf;
long rsize = 0;
- if ((buf = (char *) malloc(BUFFERSIZE)) == NULL)
+ if ((buf = (unsigned char *) malloc(BUFFERSIZE)) == NULL)
fatal_error("virtual memory exhausted.\n");
crc = 0;
if ((crc_flg == 2 || crc_flg) && text_mode)
@@ -100,9 +100,7 @@ encode_stored_crc(ifp, ofp, size, origin
erreturns *filename */
/* ------------------------------------------------------------------------ */
unsigned char *
-convdelim(path, delim)
- unsigned char *path;
- unsigned char delim;
+convdelim(unsigned char *path, unsigned char delim)
{
unsigned char c;
unsigned char *p;
@@ -276,21 +274,27 @@ rmdir(path)
char *path;
{
int stat, rtn = 0;
- char *cmdname;
- if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1))
- == 0)
+ pid_t child;
+
+
+ /* XXX thomas: shell meta chars in path could exec commands */
+ /* therefore we should avoid using system() */
+ if ((child = fork()) < 0)
+ return (-1); /* fork error */
+ else if (child) { /* parent process */
+ while (child != wait(&stat)) /* ignore signals */
+ continue;
+ }
+ else { /* child process */
+ execl(RMDIRPATH, "rmdir", path, (char *) 0);
+ /* never come here except execl is error */
return (-1);
- strcpy(cmdname, RMDIRPATH);
- *(cmdname + strlen(RMDIRPATH)) = ' ';
- strcpy(cmdname + strlen(RMDIRPATH) + 1, path);
- if ((stat = system(cmdname)) < 0)
- rtn = -1; /* fork or exec error */
- else if (stat) { /* RMDIR command error */
- errno = EIO;
- rtn = -1;
}
- free(cmdname);
- return (rtn);
+ if (stat != 0) {
+ errno = EIO; /* cannot get error num. */
+ return (-1);
+ }
+ return (0);
}
/* ------------------------------------------------------------------------ */
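Review bot: When `execl` fails in the child branch of rmdir, `return (-1);` returns into the caller inside the forked child, so a second copy of the program carries on running; the child should end with `_exit(127);` instead. The parent's `while (child != wait(&stat))` loop never terminates if `wait` itself fails (ECHILD, for example), so `while (waitpid(child, &stat, 0) < 0) if (errno != EINTR) return (-1);` is safer. `rtn` is now unused, which adds a warning to a commit meant to remove them. Passing `"--"` before `path` in the `execl` argument list would keep a directory name beginning with `-` from being read as an option.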