rpm: Fix cpio 32 bit overflow issues on 64 bit inode filesystems

When building on XFS filesystems, the resulting rpms can be corrupted with the same inode number being used for multiple hardlinked files. There are two fixes, one to stop rpm crashing when accessing a broken binary rpm, the other to stop generating them in the first places. Full descriptions in the patch headers. (From OE-Core rev: d20d3476157b7c949b0077cad0ab1e8716d6162a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-06-10 17:32:16 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-06-12 17:47:59 +0100
commit: dd50dfe27ea5be5bfc9f1b4f1ce4f1bf421498b6 (patch)
tree: 7eae0c14d984f0ef61d3f50b8d27e8a19d98bfef /meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch
parent: b5a928af721026795be7b7f68b2dd577408afbe5 (diff)
download: poky-dd50dfe27ea5be5bfc9f1b4f1ce4f1bf421498b6.tar.gz
1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch b/meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch
new file mode 100644
index 0000000000..8c2a04a3d5
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch
@@ -0,0 +1,43 @@
+We need to sanity check that the nlink size and our linksLeft counter
+do match. If an rpm is badly constructed with identical inode values
+for multiple hardlinked files, such an rpm will otherwise access memory
+out of array bounds and cause memory corruption and crashes.
+The fix is to add in the sanity check and exit if bad circumstances
+are found. We need to fix the caller to check the return code too.
+RP 2014/6/10
+Upstream-Status: Pending
+Index: rpm-5.4.9/lib/fsm.c
+===================================================================
+--- rpm-5.4.9.orig/lib/fsm.c    2014-06-10 10:54:08.601049402 +0000
+++ rpm-5.4.9/lib/fsm.c 2014-06-10 10:55:45.633046077 +0000
+@@ -495,6 +495,11 @@
+     }
+ 
+     if (fsm->goal == IOSM_PKGBUILD) --fsm->li->linksLeft;
+    if (fsm->li->linksLeft > st->st_nlink) {
+       rpmlog(RPMLOG_ERR, _("Corrupted hardlinks found (count %d does not match %d), exiting.\n"), fsm->li->linksLeft, st->st_nlink);
+       return -1;
+    }
+
+     fsm->li->filex[fsm->li->linksLeft] = fsm->ix;
+     /*@-observertrans -dependenttrans@*/
+     fsm->li->nsuffix[fsm->li->linksLeft] = fsm->nsuffix;
+@@ -1876,8 +1881,13 @@
+        fsm->postpone = iosmFileActionSkipped(fsm->action);
+        if (fsm->goal == IOSM_PKGINSTALL || fsm->goal == IOSM_PKGBUILD) {
+            /*@-evalorder@*/ /* FIX: saveHardLink can modify fsm */
+-           if (S_ISREG(st->st_mode) && st->st_nlink > 1)
+           if (S_ISREG(st->st_mode) && st->st_nlink > 1) {
+                fsm->postpone = saveHardLink(fsm);
+               if (fsm->postpone < 0) {
+                   rc = RPMRC_FAIL;
+                   break;
+               }
+           }
+            /*@=evalorder@*/
+        }
+ if (fsmGetFi(fsm)->mapflags & IOSM_PAYLOAD_LIST) fsm->postpone = 1;
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-06-10 17:32:16 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-06-12 17:47:59 +0100
commit	dd50dfe27ea5be5bfc9f1b4f1ce4f1bf421498b6 (patch)
tree	7eae0c14d984f0ef61d3f50b8d27e8a19d98bfef /meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch
parent	b5a928af721026795be7b7f68b2dd577408afbe5 (diff)
download	poky-dd50dfe27ea5be5bfc9f1b4f1ce4f1bf421498b6.tar.gz

diff --git a/meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch b/meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch new file mode 100644 index 0000000000..8c2a04a3d5 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch
@@ -0,0 +1,43 @@
	1	We need to sanity check that the nlink size and our linksLeft counter
	2	do match. If an rpm is badly constructed with identical inode values
	3	for multiple hardlinked files, such an rpm will otherwise access memory
	4	out of array bounds and cause memory corruption and crashes.
	5
	6	The fix is to add in the sanity check and exit if bad circumstances
	7	are found. We need to fix the caller to check the return code too.
	8
	9	RP 2014/6/10
	10
	11	Upstream-Status: Pending
	12
	13	Index: rpm-5.4.9/lib/fsm.c
	14	===================================================================
	15	--- rpm-5.4.9.orig/lib/fsm.c 2014-06-10 10:54:08.601049402 +0000
	16	+++ rpm-5.4.9/lib/fsm.c 2014-06-10 10:55:45.633046077 +0000
	17	@@ -495,6 +495,11 @@
	18	}
	19
	20	if (fsm->goal == IOSM_PKGBUILD) --fsm->li->linksLeft;
	21	+ if (fsm->li->linksLeft > st->st_nlink) {
	22	+ rpmlog(RPMLOG_ERR, _("Corrupted hardlinks found (count %d does not match %d), exiting.\n"), fsm->li->linksLeft, st->st_nlink);
	23	+ return -1;
	24	+ }
	25	+
	26	fsm->li->filex[fsm->li->linksLeft] = fsm->ix;
	27	/@-observertrans -dependenttrans@/
	28	fsm->li->nsuffix[fsm->li->linksLeft] = fsm->nsuffix;
	29	@@ -1876,8 +1881,13 @@
	30	fsm->postpone = iosmFileActionSkipped(fsm->action);
	31	if (fsm->goal == IOSM_PKGINSTALL \|\| fsm->goal == IOSM_PKGBUILD) {
	32	/@-evalorder@/ /* FIX: saveHardLink can modify fsm */
	33	- if (S_ISREG(st->st_mode) && st->st_nlink > 1)
	34	+ if (S_ISREG(st->st_mode) && st->st_nlink > 1) {
	35	fsm->postpone = saveHardLink(fsm);
	36	+ if (fsm->postpone < 0) {
	37	+ rc = RPMRC_FAIL;
	38	+ break;
	39	+ }
	40	+ }
	41	/@=evalorder@/
	42	}
	43	if (fsmGetFi(fsm)->mapflags & IOSM_PAYLOAD_LIST) fsm->postpone = 1;