File libostree-CVE-2014-9862.patch of Package libostree.30368
diff -urpN libostree-2021.6/bsdiff/bspatch.c libostree-2022.5/bsdiff/bspatch.c --- libostree-2021.6/bsdiff/bspatch.c 2022-08-29 12:09:02.256353712 -0500 +++ libostree-2022.5/bsdiff/bspatch.c 2022-05-09 11:29:09.000000000 -0500 @@ -25,6 +25,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ +#include <limits.h> #include "bspatch.h" static int64_t offtin(uint8_t *buf) @@ -62,7 +63,9 @@ int bspatch(const uint8_t* old, int64_t }; /* Sanity-check */ - if(newpos+ctrl[0]>newsize) + if (ctrl[0]<0 || ctrl[0]>INT_MAX || + ctrl[1]<0 || ctrl[1]>INT_MAX || + newpos+ctrl[0]>newsize) return -1; /* Read diff string */ @@ -102,6 +105,8 @@ int bspatch(const uint8_t* old, int64_t #include <stdio.h> #include <string.h> #include <err.h> +#include <sys/types.h> +#include <sys/stat.h> #include <unistd.h> #include <fcntl.h> @@ -129,6 +134,7 @@ int main(int argc,char * argv[]) int64_t oldsize, newsize; BZFILE* bz2; struct bspatch_stream stream; + struct stat sb; if(argc!=4) errx(1,"usage: %s oldfile newfile patchfile\n",argv[0]); @@ -158,6 +164,7 @@ int main(int argc,char * argv[]) ((old=malloc(oldsize+1))==NULL) || (lseek(fd,0,SEEK_SET)!=0) || (read(fd,old,oldsize)!=oldsize) || + (fstat(fd, &sb)) || (close(fd)==-1)) err(1,"%s",argv[1]); if((new=malloc(newsize+1))==NULL) err(1,NULL); @@ -174,7 +181,7 @@ int main(int argc,char * argv[]) fclose(f); /* Write the new file */ - if(((fd=open(argv[2],O_CREAT|O_TRUNC|O_WRONLY,0666))<0) || + if(((fd=open(argv[2],O_CREAT|O_TRUNC|O_WRONLY,sb.st_mode))<0) || (write(fd,new,newsize)!=newsize) || (close(fd)==-1)) err(1,"%s",argv[2]);




