Date: Sat, 11 Feb 2017 08:00:51 +0000 (UTC) From: Dirk Meyer <dinoex@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r433839 - in head/archivers/lha: . files Message-ID: <201702110800.v1B80p0k038126@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dinoex Date: Sat Feb 11 08:00:51 2017 New Revision: 433839 URL: https://svnweb.freebsd.org/changeset/ports/433839 Log: - fix C warnings - split patches - make portlint happier Added: head/archivers/lha/files/patch-crcio.c (contents, props changed) head/archivers/lha/files/patch-header.c - copied, changed from r433838, head/archivers/lha/files/patch-traversal head/archivers/lha/files/patch-huf.c (contents, props changed) head/archivers/lha/files/patch-lha_macro.h - copied, changed from r433774, head/archivers/lha/files/patch-command_buffer head/archivers/lha/files/patch-lhdir.h (contents, props changed) head/archivers/lha/files/patch-lhext.c - copied, changed from r433838, head/archivers/lha/files/patch-command_buffer head/archivers/lha/files/patch-lhlist.c - copied, changed from r433774, head/archivers/lha/files/patch-command_buffer head/archivers/lha/files/patch-patmatch.c (contents, props changed) head/archivers/lha/files/patch-shuf.c (contents, props changed) head/archivers/lha/files/patch-util.c - copied, changed from r433774, head/archivers/lha/files/patch-command_buffer Deleted: head/archivers/lha/files/patch-command_buffer head/archivers/lha/files/patch-dir_length_bounds_check head/archivers/lha/files/patch-symlink head/archivers/lha/files/patch-traversal Modified: head/archivers/lha/Makefile head/archivers/lha/files/patch-Makefile head/archivers/lha/files/patch-lha.h head/archivers/lha/files/patch-lhadd.c head/archivers/lha/files/patch-lharc.c Modified: head/archivers/lha/Makefile ============================================================================== --- head/archivers/lha/Makefile Sat Feb 11 07:26:52 2017 (r433838) +++ head/archivers/lha/Makefile Sat Feb 11 08:00:51 2017 (r433839) @@ -3,7 +3,7 @@ PORTNAME= lha PORTVERSION= 1.14i -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= archivers MASTER_SITES= http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ DISTNAME= ${PORTNAME}-${PORTVERSION:S/.//} Modified: head/archivers/lha/files/patch-Makefile ============================================================================== --- head/archivers/lha/files/patch-Makefile Sat Feb 11 07:26:52 2017 (r433838) +++ head/archivers/lha/files/patch-Makefile Sat Feb 11 08:00:51 2017 (r433839) @@ -1,5 +1,5 @@ ---- Makefile.orig Fri Dec 15 14:13:16 2000 -+++ Makefile Sun Jul 21 17:24:46 2002 +--- Makefile.orig 2000-12-15 12:13:16 UTC ++++ Makefile @@ -10,28 +10,36 @@ # SWITCHES macro definitions ... see config.eng or config.jpn. #----------------------------------------------------------------------- Added: head/archivers/lha/files/patch-crcio.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/lha/files/patch-crcio.c Sat Feb 11 08:00:51 2017 (r433839) @@ -0,0 +1,53 @@ +--- src/crcio.c.orig 2000-10-04 14:57:38 UTC ++++ src/crcio.c +@@ -66,8 +66,7 @@ calccrc(p, n) + + /* ------------------------------------------------------------------------ */ + void +-fillbuf(n) /* Shift bitbuf n bits left, read n bits */ +- unsigned char n; ++fillbuf(unsigned char n) /* Shift bitbuf n bits left, read n bits */ + { + while (n > bitcount) { + n -= bitcount; +@@ -87,8 +86,7 @@ fillbuf(n) /* Shift bitbuf n bits left + + /* ------------------------------------------------------------------------ */ + unsigned short +-getbits(n) +- unsigned char n; ++getbits(unsigned char n) + { + unsigned short x; + +@@ -99,9 +97,7 @@ getbits(n) + + /* ------------------------------------------------------------------------ */ + void +-putcode(n, x) /* Write rightmost n bits of x */ +- unsigned char n; +- unsigned short x; ++putcode(unsigned char n, unsigned short x) /* Write rightmost n bits of x */ + { + while (n >= bitcount) { + n -= bitcount; +@@ -126,9 +122,7 @@ putcode(n, x) /* Write rightmost n bit + + /* ------------------------------------------------------------------------ */ + void +-putbits(n, x) /* Write rightmost n bits of x */ +- unsigned char n; +- unsigned short x; ++putbits(unsigned char n, unsigned short x) /* Write rightmost n bits of x */ + { + x <<= USHRT_BIT - n; + while (n >= bitcount) { +@@ -308,7 +302,7 @@ fread_txt(p, n, fp) + c = '\r'; + } + #ifdef EUC +- else if (euc_mode && (c == 0x8E || 0xA0 < c && c < 0xFF)) { ++ else if (euc_mode && (c == 0x8E || (0xA0 < c && c < 0xFF))) { + int d = fgetc(fp); + if (d == EOF) { + *p++ = c; Copied and modified: head/archivers/lha/files/patch-header.c (from r433838, head/archivers/lha/files/patch-traversal) ============================================================================== --- head/archivers/lha/files/patch-traversal Sat Feb 11 07:26:52 2017 (r433838, copy source) +++ head/archivers/lha/files/patch-header.c Sat Feb 11 08:00:51 2017 (r433839) @@ -1,6 +1,17 @@ ---- src/header.c.old 2000-10-05 19:36:03.000000000 +0200 -+++ src/header.c 2004-04-17 23:55:54.000000000 +0200 -@@ -538,6 +538,10 @@ +--- src/header.c.orig 2000-10-05 17:36:03 UTC ++++ src/header.c +@@ -320,8 +320,8 @@ generic_to_unix_stamp(t) + dostm.tm_min = t >> 5 & 0x3f; + dostm.tm_hour = t >> 11 & 0x1f; + dostm.tm_mday = t >> 16 & 0x1f; +- dostm.tm_mon = (t >> 16 + 5 & 0x0f) - 1; /* 0..11 */ +- dostm.tm_year = (t >> 16 + 9 & 0x7f) + 80; ++ dostm.tm_mon = (t >> (16 + 5) & 0x0f) - 1; /* 0..11 */ ++ dostm.tm_year = (t >> (16 + 9) & 0x7f) + 80; + #if 0 + dostm.tm_isdst = 0; /* correct? */ + #endif +@@ -538,6 +538,10 @@ get_header(fp, hdr) /* * filename */ @@ -11,7 +22,7 @@ for (i = 0; i < header_size - 3; i++) hdr->name[i] = (char) get_byte(); hdr->name[header_size - 3] = '\0'; -@@ -547,6 +551,10 @@ +@@ -547,6 +551,10 @@ get_header(fp, hdr) /* * directory */ @@ -22,54 +33,48 @@ for (i = 0; i < header_size - 3; i++) dirname[i] = (char) get_byte(); dirname[header_size - 3] = '\0'; ---- src/lhext.c.old 2000-10-04 16:57:38.000000000 +0200 -+++ src/lhext.c 2004-04-18 01:27:44.000000000 +0200 -@@ -190,8 +190,13 @@ - q = (char *) rindex(hdr->name, '/') + 1; +@@ -648,8 +656,16 @@ get_header(fp, hdr) } - else { -+ if (is_directory_traversal(q)) { -+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q); -+ exit(111); + + if (dir_length) { ++ if ((dir_length + name_length) >= sizeof(dirname)) { ++ fprintf(stderr, "Insufficient buffer size\n"); ++ exit(112); ++ } + strcat(dirname, hdr->name); +- strcpy(hdr->name, dirname); ++ if ((dir_length + name_length) >= sizeof(hdr->name)) { ++ fprintf(stderr, "Insufficient buffer size\n"); ++ exit(112); + } -+ - if (*q == '/') { -- q++; -+ while (*q == '/') { q++; } - /* - * if OSK then strip device name - */ -@@ -419,6 +424,33 @@ - return; - } ++ strncpy(hdr->name, dirname, sizeof(hdr->name)); + name_length += dir_length; + } + +@@ -754,7 +770,7 @@ write_header(nafp, hdr) + + convdelim(hdr->name, DELIM2); + if (hdr->header_level != HEADER_LEVEL2) { +- if (p = (char *) rindex(hdr->name, DELIM2)) ++ if ((p = (char *) rindex(hdr->name, DELIM2))) + name_length = strlen(++p); + else + name_length = strlen(hdr->name); +@@ -812,7 +828,7 @@ write_header(nafp, hdr) + put_word(hdr->unix_gid); + put_word(hdr->unix_uid); + +- if (p = (char *) rindex(hdr->name, DELIM2)) { ++ if ((p = (char *) rindex(hdr->name, DELIM2))) { + int i; -+int -+is_directory_traversal(char *string) -+{ -+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */ -+ char *temp; -+ -+ temp = string; -+ -+ while (*temp != 0) { -+ if (temp[0] == '/') { -+ if (type == 1) { return 1; } -+ type = 0; -+ temp++; -+ continue; -+ } -+ -+ if ((temp[0] == '.') && (type < 2)) -+ type = 1; -+ if (temp[0] != '.') -+ type = 2; -+ -+ temp++; -+ } /* while */ -+ -+ return (type == 1); -+} -+ - /* Local Variables: */ - /* mode:c */ - /* tab-width:4 */ + name_length = p - hdr->name + 1; +@@ -838,7 +854,7 @@ write_header(nafp, hdr) + data[I_HEADER_CHECKSUM] = calc_sum(data + I_METHOD, header_size); + } else { /* header level 2 */ + int i; +- if (p = (char *) rindex(hdr->name, DELIM2)) ++ if ((p = (char *) rindex(hdr->name, DELIM2))) + name_length = strlen(++p); + else { + p = hdr->name; Added: head/archivers/lha/files/patch-huf.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/lha/files/patch-huf.c Sat Feb 11 08:00:51 2017 (r433839) @@ -0,0 +1,13 @@ +--- src/huf.c.orig 2000-10-05 17:35:49 UTC ++++ src/huf.c +@@ -219,9 +219,7 @@ send_block( /* void */ ) + + /* ------------------------------------------------------------------------ */ + void +-output_st1(c, p) +- unsigned short c; +- unsigned short p; ++output_st1(unsigned short c, unsigned short p) + { + static unsigned short cpos; + Modified: head/archivers/lha/files/patch-lha.h ============================================================================== --- head/archivers/lha/files/patch-lha.h Sat Feb 11 07:26:52 2017 (r433838) +++ head/archivers/lha/files/patch-lha.h Sat Feb 11 08:00:51 2017 (r433839) @@ -1,7 +1,6 @@ -diff -ru src.orig/lha.h src/lha.h ---- src.orig/lha.h Thu Oct 5 10:35:38 2000 -+++ src/lha.h Sun May 11 00:31:53 2003 -@@ -11,6 +11,7 @@ +--- src/lha.h.orig 2000-10-05 17:35:38 UTC ++++ src/lha.h +@@ -11,11 +11,14 @@ lharc.h interface.h slidehuf.h */ #include <stdio.h> @@ -9,3 +8,255 @@ diff -ru src.orig/lha.h src/lha.h #include <errno.h> #include <ctype.h> #include <sys/types.h> + #include <sys/file.h> + #include <sys/stat.h> ++#include <unistd.h> ++#include <utime.h> + + #include <signal.h> + +@@ -135,6 +138,7 @@ EXTERN char temporary_name[FILENAME_ + EXTERN char backup_archive_name[FILENAME_LENGTH]; + + EXTERN char *reading_filename, *writting_filename; ++EXTERN char *extract_directory; + + /* 1996.8.13 t.okamoto */ + #if 0 +@@ -191,128 +195,147 @@ EXTERN FILE *temporary_fp; + /* ------------------------------------------------------------------------ */ + /* Functions */ + /* ------------------------------------------------------------------------ */ ++ ++/* from patmatch.c */ ++extern int patmatch(register char *p, register char *s, int f); ++ ++ + /* from lharc.c */ +-extern int patmatch(); ++extern void message(char *subject, char *name); ++extern void warning(char *subject, char *name); ++extern void error(char *subject, char *msg); ++extern void fatal_error(char *msg); + +-extern void interrupt(); ++extern void interrupt(int signo); + +-extern void message(); +-extern void warning(); +-extern void error(); +-extern void fatal_error(); ++extern void init_sp(struct string_pool *sp); ++extern void add_sp(struct string_pool *sp, char *name, int len); ++extern void finish_sp(register struct string_pool *sp, int *v_count, char ***v_vector); ++extern void free_sp(char **vector); + +-extern boolean need_file(); +-extern int inquire(); +-extern FILE *xfopen(); ++extern void cleaning_files(int *v_filec, char ***v_filev); ++extern boolean find_files(char *name, int *v_filec, char ***v_filev); ++extern void free_files(int filec, char **filev); + +-extern boolean find_files(); +-extern void free_files(); ++extern void build_temporary_name(void); ++extern void build_backup_name(char *buffer, char *original); ++extern void build_standard_archive_name(char *buffer, char *original); ++extern boolean need_file(char *name); ++extern FILE *xfopen(char *name, char *mode); ++extern FILE *open_old_archive(void); + +-extern void init_sp(); +-extern void add_sp(); +-extern void finish_sp(); +-extern void free_sp(); +-extern void cleaning_files(); ++extern int inquire(char *msg, char *name, char *selective); ++extern void write_archive_tail(FILE *nafp); ++extern void copy_old_one(FILE *oafp, FILE *nafp, LzHeader *hdr); + +-extern void build_temporary_name(); +-extern void build_backup_file_name(); +-extern void build_standard_archive_name(); + +-extern FILE *open_old_archive(); +-extern void init_header(); +-extern boolean get_header(); +-extern boolean archive_is_msdos_sfx1(); +-extern boolean skip_msdos_sfx1_code(); +-extern void write_header(); +-extern void write_archive_tail(); +-extern void copy_old_one(); +-extern unsigned char *convdelim(); +-extern long copyfile(); ++/* from header.c */ ++extern int calc_sum(register char *p, register int len); ++extern boolean get_header(FILE *fp, register LzHeader *hdr); ++extern void init_header(char *name, struct stat *v_stat, LzHeader *hdr); ++extern void write_header(FILE *nafp, LzHeader *hdr); + +-extern void cmd_list(), cmd_extract(), cmd_add(), cmd_delete(); + +-extern boolean ignore_directory; +-extern boolean compress_method; +-extern boolean verify_mode; ++/* from util.c */ ++extern long copyfile(FILE *f1, FILE *f2, long size, int crc_flg); ++extern int encode_stored_crc(FILE *ifp, FILE *ofp, long size, long *original_size_var, long *write_size_var); ++extern unsigned char *convdelim(unsigned char *path, unsigned char delim); ++extern boolean archive_is_msdos_sfx1(char *name); ++extern boolean skip_msdos_sfx1_code(FILE *fp); ++ ++ ++/* from lhlist.c */ ++extern void cmd_list(void); ++ ++ ++/* from lhext.c */ ++extern void cmd_extract(void); ++extern int is_directory_traversal(char *string); ++ ++ ++/* from extrac.c */ ++extern int decode_lzhuf(FILE *infp, FILE *outfp, long original_size, long packed_size, char *name, int method); + +-extern char *extract_directory; + + /* from slide.c */ ++extern int encode_alloc(int method); ++extern void encode(struct interfacing *interface); ++extern void decode(struct interfacing *interface); + +-extern int encode_alloc(); +-extern void encode(); +-extern void decode(); + + /* from append.c */ +-extern void start_indicator(); +-extern void finish_indicator(); +-extern void finish_indicator2(); ++extern int encode_lzhuf(FILE *infp, FILE *outfp, long size, long *original_size_var, long *packed_size_var, char *name, char *hdr_method); ++extern void start_indicator(char *name, long size, char *msg, long def_indicator_threshold); ++extern void finish_indicator2(char *name, char *msg, int pcnt); ++extern void finish_indicator(char *name, char *msg); ++ ++ ++/* from huf.c */ ++extern void output_st1(unsigned short c, unsigned short p); ++extern unsigned char *alloc_buf(void); ++extern void encode_start_st1(void); ++extern void encode_end_st1(void); ++extern unsigned short decode_c_st1(void); ++extern unsigned short decode_p_st1(void); ++extern void decode_start_st1(void); + +-/* slide.c */ +-extern void output_st1(); +-extern unsigned char *alloc_buf(); +-extern void encode_start_st1(); +-extern void encode_end_st1(); +-extern unsigned short decode_c_st1(); +-extern unsigned short decode_p_st1(); +-extern void decode_start_st1(); + + /* from shuf.c */ +-extern void decode_start_st0(); +-extern void encode_p_st0( /* unsigned short j */ ); +-extern void encode_start_fix(); +-extern void decode_start_fix(); +-extern unsigned short decode_c_st0(); +-extern unsigned short decode_p_st0(); ++extern void decode_start_st0(void); ++extern void encode_p_st0(unsigned short j); ++extern void encode_start_fix(void); ++extern void decode_start_fix(void); ++extern unsigned short decode_c_st0(void); ++extern unsigned short decode_p_st0(void); ++ + + /* from dhuf.c */ +-extern void start_c_dyn(); +-extern void decode_start_dyn(); +-extern unsigned short decode_c_dyn(); +-extern unsigned short decode_p_dyn(); +-extern void output_dyn( /* int code, unsigned int pos */ ); +-extern void encode_end_dyn(); ++extern void start_c_dyn(void); ++extern void decode_start_dyn(void); ++extern unsigned short decode_c_dyn(void); ++extern unsigned short decode_p_dyn(void); ++extern void output_dyn(unsigned int code, unsigned int pos); ++extern void encode_end_dyn(void); + +-extern int decode_lzhuf(); + + /* from larc.c */ +- +-extern unsigned short decode_c_lzs(); +-extern unsigned short decode_p_lzs(); +-extern unsigned short decode_c_lz5(); +-extern unsigned short decode_p_lz5(); +-extern void decode_start_lzs(); +-extern void decode_start_lz5(); ++extern unsigned short decode_c_lzs(void); ++extern unsigned short decode_p_lzs(void); ++extern void decode_start_lzs(void); ++extern unsigned short decode_c_lz5(void); ++extern unsigned short decode_p_lz5(void); ++extern void decode_start_lz5(void); + + extern void make_table( /* int nchar, uchar bitlen[], int tablebits, + ushort table[] */ ); + + /* from maketree.c */ +-/* +- * void make_code(short n, uchar len[], ushort code[]); short make_tree(short +- * nparm, ushort freqparm[], uchar lenparm[], ushort codeparam[]); +- */ +-extern void make_code( /* int n, uchar len[], ushort code[] */ ); +-extern short make_tree( /* int nparm, ushort freqparm[], uchar lenparm[], +- ushort codeparam[] */ ); ++extern void make_code(int n, unsigned char len[], unsigned short code[]); ++extern short make_tree(int nparm, unsigned short freqparm[], unsigned char lenparm[], unsigned short codeparam[]); ++ + + /* from crcio.c */ +-extern void make_crctable(); +-extern unsigned short calccrc( /* uchar *p, uint n */ ); +-extern void fillbuf( /* uchar n */ ); +-extern unsigned short getbits( /* uchar n */ ); +-extern void putcode( /* uchar n, ushort x */ ); +-extern void putbits( /* uchar n, ushort x */ ); +-extern int fread_crc( /* uchar *p, int n, FILE *f */ ); +-extern void fwrite_crc( /* uchar *p, int n, FILE *f */ ); +-extern void init_getbits(); +-extern void init_putbits(); +-extern void make_crctable(); +-extern unsigned short calccrc(); ++extern void make_crctable(void); ++extern unsigned short calccrc(unsigned char *p, unsigned int n); ++extern void fillbuf(unsigned char n); ++extern unsigned short getbits(unsigned char n); ++extern void putcode(unsigned char n, unsigned short x); ++extern void putbits(unsigned char n, unsigned short x); ++extern int fread_crc(unsigned char *p, int n, FILE *f); ++extern void fwrite_crc(unsigned char *p, int n, FILE *f); ++extern void init_code_cache(void); ++extern void init_getbits(void); ++extern void init_putbits(void); ++extern int fwrite_txt(unsigned char *p, int n, FILE *fp); ++extern int fread_txt(unsigned char *p, int n, FILE *fp); ++extern unsigned short calc_header_crc(unsigned char *p, unsigned int n); ++ + + /* from lhadd.c */ +-extern int encode_lzhuf(); +-extern int encode_stored_crc(); ++extern void cmd_add(void); ++extern void cmd_delete(void); ++extern int strcmp_filename(char *str1, char *str2); ++ + + /* Local Variables: */ + /* mode:c */ Copied and modified: head/archivers/lha/files/patch-lha_macro.h (from r433774, head/archivers/lha/files/patch-command_buffer) ============================================================================== --- head/archivers/lha/files/patch-command_buffer Thu Feb 9 21:49:33 2017 (r433774, copy source) +++ head/archivers/lha/files/patch-lha_macro.h Sat Feb 11 08:00:51 2017 (r433839) @@ -1,7 +1,6 @@ -diff -urNp src/lha_macro.h.orig lha-114i/src/lha_macro.h ---- src/lha_macro.h.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lha_macro.h 2004-08-03 15:54:05.000000000 -0500 -@@ -53,7 +53,7 @@ +--- src/lha_macro.h.orig 2000-10-04 14:57:38 UTC ++++ src/lha_macro.h +@@ -53,9 +53,10 @@ #define SEEK_SET 0 #define SEEK_CUR 1 #define SEEK_END 2 @@ -9,188 +8,15 @@ diff -urNp src/lha_macro.h.orig lha-114i +#endif /* SEEK_SET */ ++#if 0 /* non-integral functions */ -diff -urNp src/lharc.c.orig lha-114i/src/lharc.c ---- src/lharc.c.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lharc.c 2004-08-03 15:54:05.000000000 -0500 -@@ -830,9 +830,10 @@ find_files(name, v_filec, v_filev) - DIRENTRY *dp; - struct stat tmp_stbuf, arc_stbuf, fil_stbuf; + extern struct tm *localtime(); + extern char *getenv(); +@@ -69,6 +70,7 @@ extern char *realloc(); + + /* external variables */ + extern int errno; ++#endif -- strcpy(newname, name); -+ strncpy(newname, name, sizeof(newname)); -+ newname[sizeof(newname)-1] = 0; - len = strlen(name); -- if (len > 0 && newname[len - 1] != '/') -+ if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1)) - newname[len++] = '/'; - - dirp = opendir(name); -@@ -846,6 +847,11 @@ find_files(name, v_filec, v_filev) - - for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) { - n = NAMLEN(dp); -+ if (len >= (sizeof(newname)-1) || -+ (len+n) >= (sizeof(newname)-1) || -+ n <= 0 || -+ (len+n) <= 0) -+ break; - strncpy(newname + len, dp->d_name, n); - newname[len + n] = '\0'; - if (GETSTAT(newname, &fil_stbuf) < 0) -@@ -903,7 +909,8 @@ build_temporary_name() - strcpy(temporary_name, TMP_FILENAME_TEMPLATE); - } - else { -- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory); -+ snprintf(temporary_name, sizeof(temporary_name), -+ "%s/lhXXXXXX", extract_directory); - } - #ifdef MKSTEMP - mkstemp(temporary_name); -@@ -913,10 +920,16 @@ build_temporary_name() - #else - char *p, *s; - -- strcpy(temporary_name, archive_name); -+ strncpy(temporary_name, archive_name, sizeof(temporary_name)); -+ temporary_name[sizeof(temporary_name)-1] = 0; - for (p = temporary_name, s = (char *) 0; *p; p++) - if (*p == '/') - s = p; -+ -+ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1 -+ <= strlen("lhXXXXXX")) -+ exit(-1); -+ - strcpy((s ? s + 1 : temporary_name), "lhXXXXXX"); - #ifdef MKSTEMP - mkstemp(temporary_name); -@@ -1052,7 +1065,8 @@ open_old_archive() - - if (open_old_archive_1(archive_name, &fp)) - return fp; -- sprintf(expanded_archive_name, "%s.lzh", archive_name); -+ snprintf(expanded_archive_name, sizeof(expanded_archive_name), -+ "%s.lzh", archive_name); - if (open_old_archive_1(expanded_archive_name, &fp)) { - archive_name = expanded_archive_name; - return fp; -@@ -1061,7 +1075,8 @@ open_old_archive() - * if ( (errno&0xffff)!=E_PNNF ) { archive_name = - * expanded_archive_name; return NULL; } - */ -- sprintf(expanded_archive_name, "%s.lzs", archive_name); -+ snprintf(expanded_archive_name, sizeof(expanded_archive_name), -+ "%s.lzs", archive_name); - if (open_old_archive_1(expanded_archive_name, &fp)) { - archive_name = expanded_archive_name; - return fp; -diff -urNp src/lhext.c.orig lha-114i/src/lhext.c ---- src/lhext.c.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lhext.c 2004-08-03 15:55:40.000000000 -0500 -@@ -82,7 +82,8 @@ make_parent_path(name) - register char *p; - - /* make parent directory name into PATH for recursive call */ -- strcpy(path, name); -+ memset(path, 0, sizeof(path)); -+ strncpy(path, name, sizeof(path)-1); - for (p = path + strlen(path); p > path; p--) - if (p[-1] == '/') { - *--p = '\0'; -@@ -212,9 +213,11 @@ extract_one(afp, hdr) - } - - if (extract_directory) -- sprintf(name, "%s/%s", extract_directory, q); -- else -- strcpy(name, q); -+ snprintf(name, sizeof(name), "%s/%s", extract_directory, q); -+ else { -+ strncpy(name, q, sizeof(name)); -+ name[sizeof(name) - 1] = '\0'; -+ } - - - /* LZHDIRS_METHOD�����ĥإå��������å����� */ -@@ -335,7 +338,8 @@ extract_one(afp, hdr) - if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_SYMLINK) { - char buf[256], *bb1, *bb2; - int l_code; -- strcpy(buf, name); -+ strncpy(buf, name, sizeof(buf)); -+ buf[sizeof(buf)-1] = 0; - bb1 = strtok(buf, "|"); - bb2 = strtok(NULL, "|"); - -@@ -365,9 +369,10 @@ extract_one(afp, hdr) - if (quiet != TRUE) { - printf("Symbolic Link %s -> %s\n", bb1, bb2); - } -- strcpy(name, bb1); /* Symbolic's name set */ -+ strncpy(name, bb1, 255); /* Symbolic's name set */ -+ name[255] = 0; - #else -- sprintf(buf, "%s -> %s", bb1, bb2); -+ snprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2); - warning("Can't make Symbolic Link", buf); - return; - #endif -diff -urNp src/lhlist.c.orig lha-114i/src/lhlist.c ---- src/lhlist.c.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lhlist.c 2004-08-03 15:54:05.000000000 -0500 -@@ -250,7 +250,8 @@ list_one(hdr) - printf(" %s", hdr->name); - else { - char buf[256], *b1, *b2; -- strcpy(buf, hdr->name); -+ strncpy(buf, hdr->name, sizeof(buf)); -+ buf[sizeof(buf)-1] = 0; - b1 = strtok(buf, "|"); - b2 = strtok(NULL, "|"); - printf(" %s -> %s", b1, b2); -diff -urNp src/util.c.orig lha-114i/src/util.c ---- src/util.c.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/util.c 2004-08-03 15:54:05.000000000 -0500 -@@ -276,21 +276,27 @@ rmdir(path) - char *path; - { - int stat, rtn = 0; -- char *cmdname; -- if ((cmdname = (char *) malloc(strlen(RMDIRPATH) + 1 + strlen(path) + 1)) -- == 0) -+ pid_t child; -+ -+ -+ /* XXX thomas: shell meta chars in path could exec commands */ -+ /* therefore we should avoid using system() */ -+ if ((child = fork()) < 0) -+ return (-1); /* fork error */ -+ else if (child) { /* parent process */ -+ while (child != wait(&stat)) /* ignore signals */ -+ continue; -+ } -+ else { /* child process */ -+ execl(RMDIRPATH, "rmdir", path, (char *) 0); -+ /* never come here except execl is error */ - return (-1); -- strcpy(cmdname, RMDIRPATH); -- *(cmdname + strlen(RMDIRPATH)) = ' '; -- strcpy(cmdname + strlen(RMDIRPATH) + 1, path); -- if ((stat = system(cmdname)) < 0) -- rtn = -1; /* fork or exec error */ -- else if (stat) { /* RMDIR command error */ -- errno = EIO; -- rtn = -1; - } -- free(cmdname); -- return (rtn); -+ if (stat != 0) { -+ errno = EIO; /* cannot get error num. */ -+ return (-1); -+ } -+ return (0); - } - - /* ------------------------------------------------------------------------ */ + #define FALSE 0 + #define TRUE 1 Modified: head/archivers/lha/files/patch-lhadd.c ============================================================================== --- head/archivers/lha/files/patch-lhadd.c Sat Feb 11 07:26:52 2017 (r433838) +++ head/archivers/lha/files/patch-lhadd.c Sat Feb 11 08:00:51 2017 (r433839) @@ -1,6 +1,29 @@ ---- src/lhadd.c.orig Mon Jul 31 18:09:53 2000 -+++ src/lhadd.c Mon Jul 31 18:14:20 2000 -@@ -270,13 +270,35 @@ +--- src/lhadd.c.orig 2000-10-04 14:57:38 UTC ++++ src/lhadd.c +@@ -75,7 +75,7 @@ add_one(fp, nafp, hdr) + + + /* ------------------------------------------------------------------------ */ +-FILE * ++static FILE * + append_it(name, oafp, nafp) + char *name; + FILE *oafp, *nafp; +@@ -242,11 +242,12 @@ delete(oafp, nafp) + b2 = strtok(NULL, "|"); + if (need_file(b1)) { /* skip */ + fseek(oafp, ahdr.packed_size, SEEK_CUR); +- if (noexec || !quiet) ++ if (noexec || !quiet) { + if (b2 != NULL) + printf("delete %s -> %s\n", b1, b2); + else + printf("delete %s\n", b1); ++ } + } + else { /* copy */ + if (noexec) { +@@ -270,13 +271,35 @@ build_temporary_file() { int old_umask; FILE *afp; @@ -38,3 +61,11 @@ remove_temporary_at_error = TRUE; temporary_fp = afp; umask(old_umask); +@@ -340,6 +363,7 @@ temporary_to_new_archive_file(new_archiv + remove_temporary_at_error = FALSE; + } + #else ++void + temporary_to_new_archive_file(new_archive_size) + long new_archive_size; + { Modified: head/archivers/lha/files/patch-lharc.c ============================================================================== --- head/archivers/lha/files/patch-lharc.c Sat Feb 11 07:26:52 2017 (r433838) +++ head/archivers/lha/files/patch-lharc.c Sat Feb 11 08:00:51 2017 (r433839) @@ -1,15 +1,15 @@ ---- src/lharc.c.orig Sun May 7 00:05:29 2000 -+++ src/lharc.c Fri Jul 28 19:35:31 2000 -@@ -889,6 +889,7 @@ - /* */ +--- src/lharc.c.orig 2000-10-05 17:33:34 UTC ++++ src/lharc.c +@@ -894,6 +894,7 @@ free_files(filec, filev) + /* */ /* ------------------------------------------------------------------------ */ /* Build temporary file name and store to TEMPORARY_NAME */ +#if !defined(__NetBSD__) && !defined(__FreeBSD__) && !defined(__OpenBSD__) void build_temporary_name() { -@@ -912,7 +913,7 @@ - mktemp(temporary_name); +@@ -925,7 +926,7 @@ build_temporary_name() + #endif #endif } - @@ -17,3 +17,12 @@ /* ------------------------------------------------------------------------ */ static void modify_filename_extention(buffer, ext) +@@ -1038,7 +1039,7 @@ open_old_archive() + else + return NULL; + } +- if (p = (char *) rindex(archive_name, '.')) { ++ if ((p = (char *) rindex(archive_name, '.'))) { + if (strucmp(".LZH", p) == 0 + || strucmp(".LZS", p) == 0 + || strucmp(".COM", p) == 0 /* DOS SFX */ Added: head/archivers/lha/files/patch-lhdir.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/lha/files/patch-lhdir.h Sat Feb 11 08:00:51 2017 (r433839) @@ -0,0 +1,12 @@ +--- src/lhdir.h.orig 2000-10-04 14:57:38 UTC ++++ src/lhdir.h +@@ -30,6 +30,6 @@ typedef struct { + /* ------------------------------------------------------------------------ */ + /* Functions */ + /* ------------------------------------------------------------------------ */ +-extern DIR *opendir(); +-extern struct direct *readdir(); +-extern int closedir(); ++extern DIR *opendir(char *name); ++extern struct direct *readdir(register DIR *dirp); ++extern int closedir(DIR *dirp); Copied and modified: head/archivers/lha/files/patch-lhext.c (from r433838, head/archivers/lha/files/patch-command_buffer) ============================================================================== --- head/archivers/lha/files/patch-command_buffer Sat Feb 11 07:26:52 2017 (r433838, copy source) +++ head/archivers/lha/files/patch-lhext.c Sat Feb 11 08:00:51 2017 (r433839) @@ -1,196 +1,84 @@ -diff -urNp src/lha_macro.h.orig lha-114i/src/lha_macro.h ---- src/lha_macro.h.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lha_macro.h 2004-08-03 15:54:05.000000000 -0500 -@@ -53,7 +53,7 @@ - #define SEEK_SET 0 - #define SEEK_CUR 1 - #define SEEK_END 2 --#endif /* SEEK_SET -+#endif /* SEEK_SET */ - - - /* non-integral functions */ -diff -urNp src/lharc.c.orig lha-114i/src/lharc.c ---- src/lharc.c.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lharc.c 2004-08-03 15:54:05.000000000 -0500 -@@ -830,9 +830,10 @@ find_files(name, v_filec, v_filev) - DIRENTRY *dp; - struct stat tmp_stbuf, arc_stbuf, fil_stbuf; - -- strcpy(newname, name); -+ strncpy(newname, name, sizeof(newname)); -+ newname[sizeof(newname)-1] = 0; - len = strlen(name); -- if (len > 0 && newname[len - 1] != '/') -+ if (len > 0 && newname[len - 1] != '/' && len < (sizeof(newname)-1)) - newname[len++] = '/'; - - dirp = opendir(name); -@@ -846,6 +847,11 @@ find_files(name, v_filec, v_filev) +--- src/lhext.c.orig 2000-10-04 14:57:38 UTC ++++ src/lhext.c +@@ -143,13 +143,13 @@ adjust_info(name, hdr) + char *name; + LzHeader *hdr; + { +- time_t utimebuf[2]; ++ struct utimbuf utimebuf; - for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) { - n = NAMLEN(dp); -+ if (len >= (sizeof(newname)-1) || -+ (len+n) >= (sizeof(newname)-1) || -+ n <= 0 || -+ (len+n) <= 0) -+ break; - strncpy(newname + len, dp->d_name, n); - newname[len + n] = '\0'; - if (GETSTAT(newname, &fil_stbuf) < 0) -@@ -903,7 +909,8 @@ build_temporary_name() - strcpy(temporary_name, TMP_FILENAME_TEMPLATE); + /* adjust file stamp */ +- utimebuf[0] = utimebuf[1] = hdr->unix_last_modified_stamp; ++ utimebuf.actime = utimebuf.modtime = hdr->unix_last_modified_stamp; + + if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) != UNIX_FILE_SYMLINK) +- utime(name, utimebuf); ++ utime(name, &utimebuf); + + if (hdr->extend_type == EXTEND_UNIX + || hdr->extend_type == EXTEND_OS68K +@@ -190,8 +190,13 @@ extract_one(afp, hdr) + q = (char *) rindex(hdr->name, '/') + 1; } else { -- sprintf(temporary_name, "%s/lhXXXXXX", extract_directory); -+ snprintf(temporary_name, sizeof(temporary_name), -+ "%s/lhXXXXXX", extract_directory); - } - #ifdef MKSTEMP - mkstemp(temporary_name); -@@ -913,10 +920,16 @@ build_temporary_name() - #else - char *p, *s; - -- strcpy(temporary_name, archive_name); -+ strncpy(temporary_name, archive_name, sizeof(temporary_name)); -+ temporary_name[sizeof(temporary_name)-1] = 0; - for (p = temporary_name, s = (char *) 0; *p; p++) - if (*p == '/') - s = p; -+ -+ if( sizeof(temporary_name) - ((size_t) (s-temporary_name)) - 1 -+ <= strlen("lhXXXXXX")) -+ exit(-1); -+ - strcpy((s ? s + 1 : temporary_name), "lhXXXXXX"); - #ifdef MKSTEMP - mkstemp(temporary_name); -@@ -1052,7 +1065,8 @@ open_old_archive() - - if (open_old_archive_1(archive_name, &fp)) - return fp; -- sprintf(expanded_archive_name, "%s.lzh", archive_name); -+ snprintf(expanded_archive_name, sizeof(expanded_archive_name), -+ "%s.lzh", archive_name); - if (open_old_archive_1(expanded_archive_name, &fp)) { - archive_name = expanded_archive_name; - return fp; -@@ -1061,7 +1075,8 @@ open_old_archive() - * if ( (errno&0xffff)!=E_PNNF ) { archive_name = - * expanded_archive_name; return NULL; } - */ -- sprintf(expanded_archive_name, "%s.lzs", archive_name); -+ snprintf(expanded_archive_name, sizeof(expanded_archive_name), -+ "%s.lzs", archive_name); - if (open_old_archive_1(expanded_archive_name, &fp)) { - archive_name = expanded_archive_name; - return fp; -diff -urNp src/lhext.c.orig lha-114i/src/lhext.c ---- src/lhext.c.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lhext.c 2004-08-03 15:55:40.000000000 -0500 -@@ -82,7 +82,8 @@ make_parent_path(name) - register char *p; - - /* make parent directory name into PATH for recursive call */ -- strcpy(path, name); -+ memset(path, 0, sizeof(path)); -+ strncpy(path, name, sizeof(path)-1); - for (p = path + strlen(path); p > path; p--) - if (p[-1] == '/') { - *--p = '\0'; -@@ -212,9 +213,11 @@ extract_one(afp, hdr) - } - - if (extract_directory) -- sprintf(name, "%s/%s", extract_directory, q); -- else -- strcpy(name, q); -+ snprintf(name, sizeof(name), "%s/%s", extract_directory, q); -+ else { -+ strncpy(name, q, sizeof(name)); -+ name[sizeof(name) - 1] = '\0'; -+ } - - - /* LZHDIRS_METHOD�����ĥإå��������å����� */ -@@ -335,7 +338,8 @@ extract_one(afp, hdr) - if ((hdr->unix_mode & UNIX_FILE_TYPEMASK) == UNIX_FILE_SYMLINK) { - char buf[256], *bb1, *bb2; - int l_code; -- strcpy(buf, name); -+ strncpy(buf, name, sizeof(buf)); -+ buf[sizeof(buf)-1] = 0; - bb1 = strtok(buf, "|"); - bb2 = strtok(NULL, "|"); ++ if (is_directory_traversal(q)) { ++ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q); ++ exit(111); ++ } ++ + if (*q == '/') { +- q++; ++ while (*q == '/') { q++; } + /* + * if OSK then strip device name + */ +@@ -351,10 +356,13 @@ extract_one(afp, hdr) + } -@@ -365,9 +369,10 @@ extract_one(afp, hdr) + unlink(bb1); ++ make_parent_path(bb1); + l_code = symlink(bb2, bb1); + if (l_code < 0) { +- if (quiet != TRUE) +- warning("Can't make Symbolic Link : "); ++ if (quiet != TRUE) { ++ sprintf(buf, "%s -> %s", bb1, bb2); ++ warning("Can't make Symbolic Link : ", buf); ++ } + } if (quiet != TRUE) { printf("Symbolic Link %s -> %s\n", bb1, bb2); - } -- strcpy(name, bb1); /* Symbolic's name set */ -+ strncpy(name, bb1, 255); /* Symbolic's name set */ -+ name[255] = 0; - #else -- sprintf(buf, "%s -> %s", bb1, bb2); -+ snprintf(buf, sizeof(buf), "%s -> %s", bb1, bb2); - warning("Can't make Symbolic Link", buf); - return; - #endif -diff -urNp src/lhlist.c.orig lha-114i/src/lhlist.c ---- src/lhlist.c.orig 2004-08-03 15:53:56.000000000 -0500 -+++ src/lhlist.c 2004-08-03 15:54:05.000000000 -0500 -@@ -250,7 +250,8 @@ list_one(hdr) - printf(" %s", hdr->name); - else { - char buf[256], *b1, *b2; -- strcpy(buf, hdr->name); -+ strncpy(buf, hdr->name, sizeof(buf)); -+ buf[sizeof(buf)-1] = 0; - b1 = strtok(buf, "|"); - b2 = strtok(NULL, "|"); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702110800.v1B80p0k038126>