File libcdio-0.94-leak-06.patch of Package libcdio.24379
Partial patch. Backport.
From b9ab2a9d36a216ba1b3a6b4ee465c3ee2b806ec6 Mon Sep 17 00:00:00 2001
From: "R. Bernstein" <rocky@gnu.org>
Date: Mon, 20 Nov 2017 19:17:56 -0500
Subject: [PATCH 6/20] Fixes for bad iso9660 detection ...
from Thomas Schmitt
---
NEWS | 5 +++--
src/iso-info.c | 45 +++++++++++++++++++++++++++----------------
test/check_bad_iso.sh | 13 ++++++-------
3 files changed, 37 insertions(+), 26 deletions(-)
Index: libcdio-0.94/src/iso-info.c
===================================================================
--- libcdio-0.94.orig/src/iso-info.c
+++ libcdio-0.94/src/iso-info.c
@@ -62,6 +62,13 @@
#define NORMAL ""
#endif
+/* TODO: Find a better place from where cd-info can read it too. */
+/*
+ ECMA-119 allows only a depth of 8 directories. Nobody obeys.
+ Rock Ridge allows path length 1023. This would be max depth 512.
+*/
+#define CDIO_MAX_DIR_RECURSION 512
+
/* Used by `main' to communicate with `parse_opt'. And global options
*/
static struct arguments
@@ -213,8 +220,9 @@ _log_handler (cdio_log_level_t level, co
gl_default_cdio_log_handler (level, message);
}
-static int
-print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+static void
+print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[],
+ unsigned int rec_counter)
{
CdioList_t *entlist;
CdioList_t *dirlist = _cdio_list_new ();
@@ -223,8 +231,6 @@ print_iso9660_recurse (iso9660_t *p_iso,
char *translated_name = (char *) malloc(4096);
size_t translated_name_size = 4096;
entlist = iso9660_ifs_readdir (p_iso, psz_path);
- int rc = 0;
-
if (opts.print_iso9660) {
printf ("%s:\n", psz_path);
}
@@ -233,7 +239,17 @@ print_iso9660_recurse (iso9660_t *p_iso,
free(translated_name);
free(dirlist);
report( stderr, "Error getting above directory information\n" );
- return 1;
+ return;
+ }
+
+ rec_counter++;
+ if (rec_counter > CDIO_MAX_DIR_RECURSION) {
+ free(translated_name);
+ free(dirlist);
+ _cdio_list_free (entlist, true);
+ report( stderr,
+ "Directory recursion too deep. ISO most probably damaged.\n" );
+ return;
}
/* Iterate over files in this directory */
@@ -243,16 +259,13 @@ print_iso9660_recurse (iso9660_t *p_iso,
iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
char *psz_iso_name = p_statbuf->filename;
char _fullname[4096] = { 0, };
- if (strlen(psz_iso_name) == 0)
- continue;
-
- if (strlen(psz_iso_name) >= translated_name_size) {
+ if (strlen(psz_iso_name) >= translated_name_size) {
translated_name_size = strlen(psz_iso_name)+1;
free(translated_name);
translated_name = (char *) malloc(translated_name_size);
if (!translated_name) {
report( stderr, "Error allocating memory\n" );
- return 2;
+ return;
}
}
@@ -302,17 +315,16 @@ print_iso9660_recurse (iso9660_t *p_iso,
{
char *_fullname = _cdio_list_node_data (entnode);
- rc += print_iso9660_recurse (p_iso, _fullname);
+ print_iso9660_recurse (p_iso, _fullname, rec_counter);
}
_cdio_list_free (dirlist, true);
- return rc;
}
-static int
+static void
print_iso9660_fs (iso9660_t *iso)
{
- return print_iso9660_recurse (iso, "/");
+ print_iso9660_recurse (iso, "/", 0);
}
static void
@@ -435,7 +447,6 @@ main(int argc, char *argv[])
iso9660_t *p_iso=NULL;
iso_extension_mask_t iso_extension_mask = ISO_EXTENSION_ALL;
- int rc = EXIT_SUCCESS;
init();
@@ -505,7 +516,7 @@ main(int argc, char *argv[])
printf("Note: both -f and -l options given -- "
"-l (long listing) takes precidence\n");
}
- rc = print_iso9660_fs(p_iso);
+ print_iso9660_fs(p_iso);
} else if (opts.print_udf) {
print_udf_fs();
}
@@ -515,5 +526,5 @@ main(int argc, char *argv[])
iso9660_close(p_iso);
/* Not reached:*/
free(program_name);
- return(rc);
+ return(EXIT_SUCCESS);
}