diff -ur pax-20090728/file_subs.c pax-20090728.modified/file_subs.c
--- pax-20090728/file_subs.c 2009-07-28 17:38:28.000000000 +0000
-+++ pax-20090728.modified/file_subs.c 2011-10-15 12:56:46.000000000 +0000
++++ pax-20090728.modified/file_subs.c 2011-10-31 17:39:17.000000000 +0000
@@ -351,7 +351,7 @@
int pass = 0;
mode_t file_mode;
+ }
len = readlink(nm, target,
- sizeof target - 1);
-+ sb.st_size);
++ sb.st_size + 1);
if (len == -1) {
syswarn(0, errno,
"cannot follow symlink %s in chain for %s",
-@@ -411,6 +418,7 @@
+@@ -383,6 +390,14 @@
+ res = -1;
+ goto badlink;
+ }
++ if (len > sb.st_size) {
++ syswarn(0, errno,
++ "symlink %s increased in size between lstat() and readlink() for %s",
++ nm, arcn->name);
++
++ res = -1;
++ goto badlink;
++ }
+ target[len] = '\0';
+ nm = target;
+ }
+@@ -411,6 +426,7 @@
paxwarn(0,
"%s skipped. Sockets cannot be copied or extracted",
nm);
return(-1);
case PAX_SLK:
res = symlink(arcn->ln_name, nm);
-@@ -425,6 +433,7 @@
+@@ -425,6 +441,7 @@
*/
paxwarn(0, "%s has an unknown file type, skipping",
nm);
return(-1);
}
-@@ -440,14 +449,17 @@
+@@ -440,14 +457,17 @@
* we failed to make the node
*/
oerrno = errno;
return(-1);
}
}
-@@ -465,8 +477,10 @@
+@@ -465,8 +485,10 @@
/*
* symlinks are done now.
*/
/*
* IMPORTANT SECURITY NOTE:
-@@ -517,6 +531,7 @@
+@@ -517,6 +539,7 @@
if (patime || pmtime)
set_ftime(nm, arcn->sb.st_mtime, arcn->sb.st_atime, 0);
diff -ur pax-20090728/tables.c pax-20090728.modified/tables.c
--- pax-20090728/tables.c 2009-07-28 17:38:28.000000000 +0000
-+++ pax-20090728.modified/tables.c 2011-10-15 13:39:29.000000000 +0000
++++ pax-20090728.modified/tables.c 2011-10-31 17:17:26.000000000 +0000
@@ -55,6 +55,7 @@
#include "pax.h"
#include "tables.h"
#include "extern.h"
-+#include "features.h"
++#include <unistd.h>
/*
* Routines for controlling the contents of all the different databases pax
add_dir(char *name, struct stat *psb, int frc_mode)
{
DIRDATA *dblk;
-+#if (_POSIX_C_SOURCE - 0) >= 200809L
++#if (_POSIX_VERSION >= 200809L)
+ char *rp = NULL;
+#else
char realname[MAXPATHLEN], *rp;
return;
if (havechd && *name != '/') {
-+#if (_POSIX_C_SOURCE - 0) >= 200809L
++#if (_POSIX_VERSION >= 200809L)
+ if ((rp = realpath(name, NULL)) == NULL) {
+#else
if ((rp = realpath(name, realname)) == NULL) {
if (dblk == NULL) {
paxwarn(1, "Unable to store mode and times for created"
" directory: %s", name);
-+#if (_POSIX_C_SOURCE - 0) >= 200809L
++#if (_POSIX_VERSION >= 200809L)
+ free(rp);
+#endif
return;
if ((dblk->name = strdup(name)) == NULL) {
paxwarn(1, "Unable to store mode and times for created"
" directory: %s", name);
-+#if (_POSIX_C_SOURCE - 0) >= 200809L
++#if (_POSIX_VERSION >= 200809L)
+ free(rp);
+#endif
return;
dblk->atime = psb->st_atime;
dblk->frc_mode = frc_mode;
++dircnt;
-+#if (_POSIX_C_SOURCE - 0) >= 200809L
++#if (_POSIX_VERSION >= 200809L)
+ free(rp);
+#endif
}
projects / debian / pax / commitdiff