The commit is required by the fix for CVE-2021-41072. Update context for version 4.4. Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e] Signed-off-by: Kai Kang From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001 From: Phillip Lougher Date: Sun, 12 Sep 2021 20:09:13 +0100 Subject: [PATCH] unsquashfs: dynamically allocate name Dynamically allocate name rather than store it directly in structure. Signed-off-by: Phillip Lougher --- squashfs-tools/unsquash-1.c | 2 +- squashfs-tools/unsquash-1234.c | 5 +++++ squashfs-tools/unsquash-2.c | 2 +- squashfs-tools/unsquash-3.c | 2 +- squashfs-tools/unsquash-4.c | 2 +- squashfs-tools/unsquashfs.h | 2 +- 6 files changed, 10 insertions(+), 5 deletions(-) diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c index 7598499..d0121c6 100644 --- a/squashfs-tools/unsquash-1.c +++ b/squashfs-tools/unsquash-1.c @@ -303,7 +303,7 @@ static struct dir *squashfs_opendir(unsi "realloc failed!\n"); dir->dirs = new_dir; } - strcpy(dir->dirs[dir->dir_count].name, dire->name); + dir->dirs[dir->dir_count].name = strdup(dire->name); dir->dirs[dir->dir_count].start_block = dirh.start_block; dir->dirs[dir->dir_count].offset = dire->offset; diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c index 0c8dfbb..ac46d9d 100644 --- a/squashfs-tools/unsquash-1234.c +++ b/squashfs-tools/unsquash-1234.c @@ -60,6 +60,11 @@ int check_name(char *name, int size) void squashfs_closedir(struct dir *dir) { + int i; + + for(i = 0; i < dir->dir_count; i++) + free(dir->dirs[i].name); + free(dir->dirs); free(dir); } diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c index 86f62ba..e847980 100644 --- a/squashfs-tools/unsquash-2.c +++ b/squashfs-tools/unsquash-2.c @@ -404,7 +404,7 @@ static struct dir *squashfs_opendir(unsi "realloc failed!\n"); dir->dirs = new_dir; } - strcpy(dir->dirs[dir->dir_count].name, dire->name); + dir->dirs[dir->dir_count].name = strdup(dire->name); dir->dirs[dir->dir_count].start_block = dirh.start_block; dir->dirs[dir->dir_count].offset = dire->offset; diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c index c04aa9e..8223f27 100644 --- a/squashfs-tools/unsquash-3.c +++ b/squashfs-tools/unsquash-3.c @@ -431,7 +431,7 @@ static struct dir *squashfs_opendir(unsi "realloc failed!\n"); dir->dirs = new_dir; } - strcpy(dir->dirs[dir->dir_count].name, dire->name); + dir->dirs[dir->dir_count].name = strdup(dire->name); dir->dirs[dir->dir_count].start_block = dirh.start_block; dir->dirs[dir->dir_count].offset = dire->offset; diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c index ff62dcc..1e199a7 100644 --- a/squashfs-tools/unsquash-4.c +++ b/squashfs-tools/unsquash-4.c @@ -367,7 +367,7 @@ static struct dir *squashfs_opendir(unsi "realloc failed!\n"); dir->dirs = new_dir; } - strcpy(dir->dirs[dir->dir_count].name, dire->name); + dir->dirs[dir->dir_count].name = strdup(dire->name); dir->dirs[dir->dir_count].start_block = dirh.start_block; dir->dirs[dir->dir_count].offset = dire->offset; diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h index 5ecb2ab..583fbe4 100644 --- a/squashfs-tools/unsquashfs.h +++ b/squashfs-tools/unsquashfs.h @@ -165,7 +165,7 @@ struct queue { #define DIR_ENT_SIZE 16 struct dir_ent { - char name[SQUASHFS_NAME_LEN + 1]; + char *name; unsigned int start_block; unsigned int offset; unsigned int type; -- 2.17.1