File libcdio-0.94-leak-06.patch of Package libcdio.24379

Partial patch. Backport.
From b9ab2a9d36a216ba1b3a6b4ee465c3ee2b806ec6 Mon Sep 17 00:00:00 2001
From: "R. Bernstein" <rocky@gnu.org>
Date: Mon, 20 Nov 2017 19:17:56 -0500
Subject: [PATCH 6/20] Fixes for bad iso9660 detection ...

from Thomas Schmitt
---
 NEWS                  |  5 +++--
 src/iso-info.c        | 45 +++++++++++++++++++++++++++----------------
 test/check_bad_iso.sh | 13 ++++++-------
 3 files changed, 37 insertions(+), 26 deletions(-)

Index: libcdio-0.94/src/iso-info.c
===================================================================
--- libcdio-0.94.orig/src/iso-info.c
+++ libcdio-0.94/src/iso-info.c
@@ -62,6 +62,13 @@
 #define NORMAL ""
 #endif
 
+/* TODO: Find a better place from where cd-info can read it too. */
+/*
+   ECMA-119 allows only a depth of 8 directories. Nobody obeys.
+   Rock Ridge allows path length 1023. This would be max depth 512.
+*/
+#define CDIO_MAX_DIR_RECURSION 512
+
 /* Used by `main' to communicate with `parse_opt'. And global options
  */
 static struct arguments
@@ -213,8 +220,9 @@ _log_handler (cdio_log_level_t level, co
   gl_default_cdio_log_handler (level, message);
 }
 
-static int
-print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[])
+static void
+print_iso9660_recurse (iso9660_t *p_iso, const char psz_path[],
+		       unsigned int rec_counter)
 {
   CdioList_t *entlist;
   CdioList_t *dirlist =  _cdio_list_new ();
@@ -223,8 +231,6 @@ print_iso9660_recurse (iso9660_t *p_iso,
   char *translated_name = (char *) malloc(4096);
   size_t translated_name_size = 4096;
   entlist = iso9660_ifs_readdir (p_iso, psz_path);
-  int rc = 0;
-
   if (opts.print_iso9660) {
     printf ("%s:\n", psz_path);
   }
@@ -233,7 +239,17 @@ print_iso9660_recurse (iso9660_t *p_iso,
     free(translated_name);
     free(dirlist);
     report( stderr, "Error getting above directory information\n" );
-    return 1;
+    return;
+  }
+
+  rec_counter++;
+  if (rec_counter > CDIO_MAX_DIR_RECURSION) {
+    free(translated_name);
+    free(dirlist);
+    _cdio_list_free (entlist, true);
+    report( stderr,
+            "Directory recursion too deep. ISO most probably damaged.\n" );
+    return;
   }
 
   /* Iterate over files in this directory */
@@ -243,16 +259,13 @@ print_iso9660_recurse (iso9660_t *p_iso,
       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
       char *psz_iso_name = p_statbuf->filename;
       char _fullname[4096] = { 0, };
-      if (strlen(psz_iso_name) == 0)
-	continue;
-
-      if (strlen(psz_iso_name) >= translated_name_size) {
+       if (strlen(psz_iso_name) >= translated_name_size) {
          translated_name_size = strlen(psz_iso_name)+1;
          free(translated_name);
          translated_name = (char *) malloc(translated_name_size);
          if (!translated_name) {
            report( stderr, "Error allocating memory\n" );
-           return 2;
+           return;
          }
        }
 
@@ -302,17 +315,16 @@ print_iso9660_recurse (iso9660_t *p_iso,
     {
       char *_fullname = _cdio_list_node_data (entnode);
 
-      rc += print_iso9660_recurse (p_iso, _fullname);
+      print_iso9660_recurse (p_iso, _fullname, rec_counter);
     }
 
   _cdio_list_free (dirlist, true);
-  return rc;
 }
 
-static int
+static void
 print_iso9660_fs (iso9660_t *iso)
 {
-  return print_iso9660_recurse (iso, "/");
+  print_iso9660_recurse (iso, "/", 0);
 }
 
 static void
@@ -435,7 +447,6 @@ main(int argc, char *argv[])
 
   iso9660_t           *p_iso=NULL;
   iso_extension_mask_t iso_extension_mask = ISO_EXTENSION_ALL;
-  int rc = EXIT_SUCCESS;
 
   init();
 
@@ -505,7 +516,7 @@ main(int argc, char *argv[])
           printf("Note: both -f and -l options given -- "
                  "-l (long listing) takes precidence\n");
       }
-      rc = print_iso9660_fs(p_iso);
+      print_iso9660_fs(p_iso);
   } else if (opts.print_udf) {
       print_udf_fs();
   }
@@ -515,5 +526,5 @@ main(int argc, char *argv[])
   iso9660_close(p_iso);
   /* Not reached:*/
   free(program_name);
-  return(rc);
+  return(EXIT_SUCCESS);
 }
openSUSE Build Service is sponsored by