tb/contrib
1
0
Fork 0
forked from ports/contrib
Code Pull Requests Activity

zziplib: update to 0.13.71

Browse Source
This commit is contained in:
John Vogel 2020-04-19 16:54:36 -04:00
parent ba9d828e66
commit bba2bd35c5
12 changed files with 19 additions and 1302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
zziplib/.footprint
View File

@ -38,28 +38,28 @@ drwxr-xr-x root/root usr/lib/
lrwxrwxrwx root/root usr/lib/libzzip-0.so.10 -> libzzip-0.so.13 lrwxrwxrwx root/root usr/lib/libzzip-0.so.10 -> libzzip-0.so.13
lrwxrwxrwx root/root usr/lib/libzzip-0.so.11 -> libzzip-0.so.13 lrwxrwxrwx root/root usr/lib/libzzip-0.so.11 -> libzzip-0.so.13
lrwxrwxrwx root/root usr/lib/libzzip-0.so.12 -> libzzip-0.so.13 lrwxrwxrwx root/root usr/lib/libzzip-0.so.12 -> libzzip-0.so.13
lrwxrwxrwx root/root usr/lib/libzzip-0.so.13 -> libzzip-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzip-0.so.13 -> libzzip-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzip-0.so.13.0.69 -rwxr-xr-x root/root usr/lib/libzzip-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzip.la -rwxr-xr-x root/root usr/lib/libzzip.la
lrwxrwxrwx root/root usr/lib/libzzip.so -> libzzip-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzip.so -> libzzip-0.so.13.0.71
lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.10 -> libzzipfseeko-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.10 -> libzzipfseeko-0.so.13
lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.11 -> libzzipfseeko-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.11 -> libzzipfseeko-0.so.13
lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.12 -> libzzipfseeko-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.12 -> libzzipfseeko-0.so.13
lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.13 -> libzzipfseeko-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.13 -> libzzipfseeko-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzipfseeko-0.so.13.0.69 -rwxr-xr-x root/root usr/lib/libzzipfseeko-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzipfseeko.la -rwxr-xr-x root/root usr/lib/libzzipfseeko.la
lrwxrwxrwx root/root usr/lib/libzzipfseeko.so -> libzzipfseeko-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzipfseeko.so -> libzzipfseeko-0.so.13.0.71
lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.10 -> libzzipmmapped-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.10 -> libzzipmmapped-0.so.13
lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.11 -> libzzipmmapped-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.11 -> libzzipmmapped-0.so.13
lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.12 -> libzzipmmapped-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.12 -> libzzipmmapped-0.so.13
lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.13 -> libzzipmmapped-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.13 -> libzzipmmapped-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzipmmapped-0.so.13.0.69 -rwxr-xr-x root/root usr/lib/libzzipmmapped-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzipmmapped.la -rwxr-xr-x root/root usr/lib/libzzipmmapped.la
lrwxrwxrwx root/root usr/lib/libzzipmmapped.so -> libzzipmmapped-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzipmmapped.so -> libzzipmmapped-0.so.13.0.71
lrwxrwxrwx root/root usr/lib/libzzipwrap-0.so.13 -> libzzipwrap-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzipwrap-0.so.13 -> libzzipwrap-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzipwrap-0.so.13.0.69 -rwxr-xr-x root/root usr/lib/libzzipwrap-0.so.13.0.71
-rwxr-xr-x root/root usr/lib/libzzipwrap.la -rwxr-xr-x root/root usr/lib/libzzipwrap.la
lrwxrwxrwx root/root usr/lib/libzzipwrap.so -> libzzipwrap-0.so.13.0.69 lrwxrwxrwx root/root usr/lib/libzzipwrap.so -> libzzipwrap-0.so.13.0.71
drwxr-xr-x root/root usr/lib/pkgconfig/ drwxr-xr-x root/root usr/lib/pkgconfig/
-rw-r--r-- root/root usr/lib/pkgconfig/zzip-zlib-config.pc -rw-r--r-- root/root usr/lib/pkgconfig/zzip-zlib-config.pc
-rw-r--r-- root/root usr/lib/pkgconfig/zzipfseeko.pc -rw-r--r-- root/root usr/lib/pkgconfig/zzipfseeko.pc

17
zziplib/.signature
View File

@ -1,14 +1,5 @@
untrusted comment: verify with /etc/ports/contrib.pub untrusted comment: verify with /etc/ports/contrib.pub
RWSagIOpLGJF323YBX3OvObwjGcNjANZfcFfjB3VYx169yHRwKkQQco/ToW0DSglPWAe9m5We0mxU4rD5ZvEqAMxJJy7L7BzOgE= RWSagIOpLGJF3zJY7VvqCEBkhkBLCKyniuWqBDnxA+/YHD9DougMEFWixNiZ9x0Wx7ummoE5aC5qt4I3RfCqvgVXJ50ADmo4RAE=
SHA256 (Pkgfile) = e1283c4767ac6eb3de6ff0836e4d7da2fca0a4e6eabc1b6c5580835f3d1db8dc SHA256 (Pkgfile) = fa8d6d858d0b4e1f4f79dcd9f64154751696510801ee594c5859dbebcfec7562
SHA256 (.footprint) = 528ac7b321f52007b62da2bf243b296d8b28decb7738ef9de87b57fde0d3e74e SHA256 (.footprint) = 34a8454214edf058caa654bfcd0879aabd9d3cff33c6dc93b6591d51cb2a4266
SHA256 (zziplib-0.13.69.tar.gz) = 846246d7cdeee405d8d21e2922c6e97f55f24ecbe3b6dcf5778073a88f120544 SHA256 (zziplib-0.13.71.tar.gz) = 2ee1e0fbbb78ec7cc46bde5b62857bc51f8d665dd265577cf93584344b8b9de2
SHA256 (0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch) = aca062fe1ef9145a0975a49b629354b0ea4e83fb1136d686c0d4c743e4aa04c5
SHA256 (0002-Fix-_zzip_strndup-strndup-is-not-available.patch) = 77d1c39b70d78c3dd675869d7a5856f401fe2668b96a511b2e31f458a122e22a
SHA256 (0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch) = 5592eadaf4b06ae20046c063ef8efc349767db386270dcf75b5ba4d6afda698a
SHA256 (0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch) = 6f399d542378d1772dc3fd5077cba86c421d241fcad551c9cf1c315e4ecdd831
SHA256 (0006-One-more-free-to-avoid-memory-leak.patch) = caf7d43083badf77b09a89d2906c09495ff5e09753abdfd7d46838f3404e6b48
SHA256 (0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch) = c4ecd34bf0628d4fa6ecb6ecc6c8c79b3a457bc9cd8d5417a2770224d6a2d8be
SHA256 (0009-Code-cleanup-in-bins.patch) = 80b7cdaddfd28774dbdb2e61c4e170217fe0b08575cf8730167ce438f2ac8556
SHA256 (0010-Prevent-division-by-zero.patch) = c1558b4ddf3f51db56e3b24a894990ff70591604942193b92b43256bf062d716
SHA256 (0012-Update-unzip-mem.c.patch) = 00ba27e936c4e5ea7b2efd3d3a1e360931d86472e43649e25af9dd12207229e5

32
zziplib/0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch
View File

@ -1,32 +0,0 @@
From 4393a756cea723e6d4b2fa70310f64a2e1303f94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20M=C3=B6llers?= <josef.moellers@suse.com>
Date: Mon, 26 Mar 2018 12:27:34 +0200
Subject: [PATCH 01/19] zzip_mem_entry_new(): if compressed size is too big,
bail out.
---
zzip/memdisk.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/zzip/memdisk.c b/zzip/memdisk.c
index 8d5743d..7c59602 100644
--- a/zzip/memdisk.c
+++ b/zzip/memdisk.c
@@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
item->zz_filetype = zzip_disk_entry_get_filetype(entry);
/*
+ * If zz_data+zz_csize exceeds the size of the file, bail out
+ */
+ if ((item->zz_data + item->zz_csize) < disk->buffer ||
+ (item->zz_data + item->zz_csize) >= disk->endbuf)
+ {
+ goto error;
+ }
+ /*
* If the file is uncompressed, zz_csize and zz_usize should be the same
* If they are not, we cannot guarantee that either is correct, so ...
*/
--
2.22.0

33
zziplib/0002-Fix-_zzip_strndup-strndup-is-not-available.patch
View File

@ -1,33 +0,0 @@
From dfe0c84409db09f207ca0050fbe5492a5692f117 Mon Sep 17 00:00:00 2001
From: keneanung <keneanung@googlemail.com>
Date: Thu, 26 Apr 2018 10:42:14 +0200
Subject: [PATCH 02/19] Fix _zzip_strndup strndup is not available
---
zzip/__string.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/zzip/__string.h b/zzip/__string.h
index cd56714..2103a3b 100644
--- a/zzip/__string.h
+++ b/zzip/__string.h
@@ -31,6 +31,7 @@ _zzip_strnlen(const char *p, size_t maxlen)
#if defined ZZIP_HAVE_STRNDUP || defined strndup
#define _zzip_strndup strndup
#else
+#include <stdlib.h>
/* if your system does not have strndup: */
zzip__new__ static char *
@@ -42,7 +43,7 @@ _zzip_strndup(char const *p, size_t maxlen)
} else
{
size_t len = _zzip_strnlen(p, maxlen);
- char* r = malloc(len + 1);
+ char* r = (char *)malloc(len + 1);
if (r == NULL)
return NULL; /* errno = ENOMEM */
r[len] = '\0';
--
2.22.0

77
zziplib/0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch
View File

@ -1,77 +0,0 @@
From 9411bde3e4a70a81ff3ffd256b71927b2d90dcbb Mon Sep 17 00:00:00 2001
From: jmoellers <josef.moellers@suse.com>
Date: Fri, 7 Sep 2018 11:32:04 +0200
Subject: [PATCH 04/19] Avoid memory leak from __zzip_parse_root_directory().
---
test/test.zip | Bin 1361 -> 1361 bytes
zzip/zip.c | 36 ++++++++++++++++++++++++++++++++++--
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/test/test.zip b/test/test.zip
index 2c992ea..952d475 100644
Binary files a/test/test.zip and b/test/test.zip differ
diff --git a/zzip/zip.c b/zzip/zip.c
index 88b833b..a685280 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -475,9 +475,15 @@ __zzip_parse_root_directory(int fd,
} else
{
if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
+ {
+ free(hdr0);
return ZZIP_DIR_SEEK;
+ }
if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
+ {
+ free(hdr0);
return ZZIP_DIR_READ;
+ }
d = &dirent;
}
@@ -577,12 +583,38 @@ __zzip_parse_root_directory(int fd,
if (hdr_return)
*hdr_return = hdr0;
+ else
+ {
+ /* If it is not assigned to *hdr_return, it will never be free()'d */
+ free(hdr0);
+ /* Make sure we don't free it again in case of error */
+ hdr0 = NULL;
+ }
} /* else zero (sane) entries */
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
+ if (entries != zz_entries)
+ {
+ /* If it was assigned to *hdr_return, undo assignment */
+ if (p_reclen && hdr_return)
+ *hdr_return = NULL;
+ /* Free it, if it was not already free()'d */
+ if (hdr0 != NULL)
+ free(hdr0);
+ return ZZIP_CORRUPTED;
+ }
# else
- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
+ if (((entries & (unsigned)0xFFFF) != zz_entries)
+ {
+ /* If it was assigned to *hdr_return, undo assignment */
+ if (p_reclen && hdr_return)
+ *hdr_return = NULL;
+ /* Free it, if it was not already free()'d */
+ if (hdr0 != NULL)
+ free(hdr0);
+ return ZZIP_CORRUPTED;
+ }
# endif
+ return 0;
}
/* ------------------------- high-level interface ------------------------- */
--
2.22.0

53
zziplib/0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch
View File

@ -1,53 +0,0 @@
From d2e5d5c53212e54a97ad64b793a4389193fec687 Mon Sep 17 00:00:00 2001
From: jmoellers <josef.moellers@suse.com>
Date: Fri, 7 Sep 2018 11:49:28 +0200
Subject: [PATCH 05/19] Avoid memory leak from __zzip_parse_root_directory().
---
zzip/zip.c | 25 ++-----------------------
1 file changed, 2 insertions(+), 23 deletions(-)
diff --git a/zzip/zip.c b/zzip/zip.c
index a685280..51a1a4d 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -587,34 +587,13 @@ __zzip_parse_root_directory(int fd,
{
/* If it is not assigned to *hdr_return, it will never be free()'d */
free(hdr0);
- /* Make sure we don't free it again in case of error */
- hdr0 = NULL;
}
} /* else zero (sane) entries */
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
- if (entries != zz_entries)
- {
- /* If it was assigned to *hdr_return, undo assignment */
- if (p_reclen && hdr_return)
- *hdr_return = NULL;
- /* Free it, if it was not already free()'d */
- if (hdr0 != NULL)
- free(hdr0);
- return ZZIP_CORRUPTED;
- }
+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
# else
- if (((entries & (unsigned)0xFFFF) != zz_entries)
- {
- /* If it was assigned to *hdr_return, undo assignment */
- if (p_reclen && hdr_return)
- *hdr_return = NULL;
- /* Free it, if it was not already free()'d */
- if (hdr0 != NULL)
- free(hdr0);
- return ZZIP_CORRUPTED;
- }
+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
# endif
- return 0;
}
/* ------------------------- high-level interface ------------------------- */
--
2.22.0

25
zziplib/0006-One-more-free-to-avoid-memory-leak.patch
View File

@ -1,25 +0,0 @@
From 0e1dadb05c1473b9df2d7b8f298dab801778ef99 Mon Sep 17 00:00:00 2001
From: jmoellers <josef.moellers@suse.com>
Date: Fri, 7 Sep 2018 13:55:35 +0200
Subject: [PATCH 06/19] One more free() to avoid memory leak.
---
zzip/zip.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/zzip/zip.c b/zzip/zip.c
index 51a1a4d..bc6c080 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -589,6 +589,8 @@ __zzip_parse_root_directory(int fd,
free(hdr0);
}
} /* else zero (sane) entries */
+ else
+ free(hdr0);
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
# else
--
2.22.0

344
zziplib/0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch
View File

@ -1,344 +0,0 @@
From 81dfa6b3e08f6934885ba5c98939587d6850d08e Mon Sep 17 00:00:00 2001
From: Josef Moellers <jmoellers@suse.de>
Date: Thu, 4 Oct 2018 14:21:48 +0200
Subject: [PATCH 07/19] Fix issue #62: Remove any "../" components from
pathnames of extracted files. [CVE-2018-17828]
---
bins/unzzipcat-big.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
bins/unzzipcat-mem.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
bins/unzzipcat-mix.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
bins/unzzipcat-zip.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
4 files changed, 224 insertions(+), 4 deletions(-)
diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
index 982d262..88c4d65 100644
--- a/bins/unzzipcat-big.c
+++ b/bins/unzzipcat-big.c
@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -70,6 +112,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -79,7 +131,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
index 9bc966b..793bde8 100644
--- a/bins/unzzipcat-mem.c
+++ b/bins/unzzipcat-mem.c
@@ -58,6 +58,48 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -75,6 +117,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -84,7 +136,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
static int unzzip_cat (int argc, char ** argv, int extract)
diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
index 91c2f00..73b6ed6 100644
--- a/bins/unzzipcat-mix.c
+++ b/bins/unzzipcat-mix.c
@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -86,6 +128,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
static int unzzip_cat (int argc, char ** argv, int extract)
diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
index 2810f85..7f7f3fa 100644
--- a/bins/unzzipcat-zip.c
+++ b/bins/unzzipcat-zip.c
@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -86,6 +128,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
static int unzzip_cat (int argc, char ** argv, int extract)
--
2.22.0

635
zziplib/0009-Code-cleanup-in-bins.patch
View File

@ -1,635 +0,0 @@
From f888547b1bb7f2354d66912fed62e2a5053b76e6 Mon Sep 17 00:00:00 2001
From: Josef Moellers <jmoellers@suse.de>
Date: Fri, 12 Oct 2018 16:45:47 +0200
Subject: [PATCH 09/19] Code cleanup in "bins".
---
bins/unzzip.c | 113 +++++++++++++++++++++++++++++++++++++++++
bins/unzzipcat-big.c | 91 ++-------------------------------
bins/unzzipcat-mem.c | 91 ++-------------------------------
bins/unzzipcat-mix.c | 116 ++-----------------------------------------
bins/unzzipcat-zip.c | 116 ++-----------------------------------------
5 files changed, 125 insertions(+), 402 deletions(-)
diff --git a/bins/unzzip.c b/bins/unzzip.c
index f91c5eb..5426049 100644
--- a/bins/unzzip.c
+++ b/bins/unzzip.c
@@ -5,8 +5,14 @@
* This file is used as an example to clarify zzip api usage.
*/
+#include <sys/stat.h>
#include <zzip/zzip.h>
+#include <zzip/__string.h>
+#include <zzip/__mkdir.h>
+#include <zzip/__debug.h>
+#include <zzip/file.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include "unzzipcat-zip.h"
#include "unzzipdir-zip.h"
@@ -32,6 +38,113 @@ static int unzzip_help(void)
return 0;
}
+/* Functions used by unzzipcat-*.c: */
+int exitcode(int e)
+{
+ switch (e)
+ {
+ case ZZIP_NO_ERROR:
+ return EXIT_OK;
+ case ZZIP_OUTOFMEM: /* out of memory */
+ return EXIT_ENOMEM;
+ case ZZIP_DIR_OPEN: /* failed to open zipfile, see errno for details */
+ return EXIT_ZIP_NOT_FOUND;
+ case ZZIP_DIR_STAT: /* failed to fstat zipfile, see errno for details */
+ case ZZIP_DIR_SEEK: /* failed to lseek zipfile, see errno for details */
+ case ZZIP_DIR_READ: /* failed to read zipfile, see errno for details */
+ case ZZIP_DIR_TOO_SHORT:
+ case ZZIP_DIR_EDH_MISSING:
+ return EXIT_FILEFORMAT;
+ case ZZIP_DIRSIZE:
+ return EXIT_EARLY_END_OF_FILE;
+ case ZZIP_ENOENT:
+ return EXIT_FILE_NOT_FOUND;
+ case ZZIP_UNSUPP_COMPR:
+ return EXIT_UNSUPPORTED_COMPRESSION;
+ case ZZIP_CORRUPTED:
+ case ZZIP_UNDEF:
+ case ZZIP_DIR_LARGEFILE:
+ return EXIT_FILEFORMAT;
+ }
+ return EXIT_ERRORS;
+}
+
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
+static void makedirs(const char* name)
+{
+ char* p = strrchr(name, '/');
+ if (p) {
+ char* dir_name = _zzip_strndup(name, p-name);
+ makedirs(dir_name);
+ free (dir_name);
+ }
+ if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST)
+ {
+ DBG3("while mkdir %s : %s", name, strerror(errno));
+ }
+ errno = 0;
+}
+
+FILE* create_fopen(char* name, char* mode, int subdirs)
+{
+ char name_stripped[PATH_MAX];
+
+ strncpy(name_stripped, name, PATH_MAX);
+ remove_dotdotslash(name_stripped);
+
+ if (subdirs)
+ {
+ char* p = strrchr(name_stripped, '/');
+ if (p) {
+ char* dir_name = _zzip_strndup(name_stripped, p-name);
+ makedirs(dir_name);
+ free (dir_name);
+ }
+ }
+ return fopen(name_stripped, mode);
+}
+
int
main (int argc, char ** argv)
{
diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
index 88c4d65..111ef47 100644
--- a/bins/unzzipcat-big.c
+++ b/bins/unzzipcat-big.c
@@ -16,10 +16,9 @@
#include "unzzipcat-zip.h"
#include "unzzip-states.h"
-static int exitcode(int e)
-{
- return EXIT_ERRORS;
-}
+/* Functions in unzzip.c: */
+extern int exitcode(int);
+extern FILE* create_fopen(char*, char*, int);
static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
{
@@ -53,90 +52,6 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
}
}
-/*
- * NAME: remove_dotdotslash
- * PURPOSE: To remove any "../" components from the given pathname
- * ARGUMENTS: path: path name with maybe "../" components
- * RETURNS: Nothing, "path" is modified in-place
- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
- * Also, "path" is not used after creating it.
- * So modifying "path" in-place is safe to do.
- */
-static inline void
-remove_dotdotslash(char *path)
-{
- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
- char *dotdotslash;
- int warned = 0;
-
- dotdotslash = path;
- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
- {
- /*
- * Remove only if at the beginning of the pathname ("../path/name")
- * or when preceded by a slash ("path/../name"),
- * otherwise not ("path../name..")!
- */
- if (dotdotslash == path || dotdotslash[-1] == '/')
- {
- char *src, *dst;
- if (!warned)
- {
- /* Note: the first time through the pathname is still intact */
- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
- warned = 1;
- }
- /* We cannot use strcpy(), as there "The strings may not overlap" */
- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
- ;
- }
- else
- dotdotslash +=3; /* skip this instance to prevent infinite loop */
- }
-}
-
-static void makedirs(const char* name)
-{
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST)
- {
- DBG3("while mkdir %s : %s", name, strerror(errno));
- }
- errno = 0;
-}
-
-static FILE* create_fopen(char* name, char* mode, int subdirs)
-{
- char *name_stripped;
- FILE *fp;
- int mustfree = 0;
-
- if ((name_stripped = strdup(name)) != NULL)
- {
- remove_dotdotslash(name_stripped);
- name = name_stripped;
- mustfree = 1;
- }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- }
- fp = fopen(name, mode);
- if (mustfree)
- free(name_stripped);
- return fp;
-}
-
static int unzzip_cat (int argc, char ** argv, int extract)
{
diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
index 793bde8..cfa27ab 100644
--- a/bins/unzzipcat-mem.c
+++ b/bins/unzzipcat-mem.c
@@ -24,10 +24,9 @@
#include <io.h>
#endif
-static int exitcode(int e)
-{
- return EXIT_ERRORS;
-}
+/* Functions in unzzip.c: */
+extern int exitcode(int);
+extern FILE* create_fopen(char*, char*, int);
static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk,
ZZIP_MEM_ENTRY* entry, FILE* out)
@@ -58,90 +57,6 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
}
}
-/*
- * NAME: remove_dotdotslash
- * PURPOSE: To remove any "../" components from the given pathname
- * ARGUMENTS: path: path name with maybe "../" components
- * RETURNS: Nothing, "path" is modified in-place
- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
- * Also, "path" is not used after creating it.
- * So modifying "path" in-place is safe to do.
- */
-static inline void
-remove_dotdotslash(char *path)
-{
- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
- char *dotdotslash;
- int warned = 0;
-
- dotdotslash = path;
- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
- {
- /*
- * Remove only if at the beginning of the pathname ("../path/name")
- * or when preceded by a slash ("path/../name"),
- * otherwise not ("path../name..")!
- */
- if (dotdotslash == path || dotdotslash[-1] == '/')
- {
- char *src, *dst;
- if (!warned)
- {
- /* Note: the first time through the pathname is still intact */
- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
- warned = 1;
- }
- /* We cannot use strcpy(), as there "The strings may not overlap" */
- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
- ;
- }
- else
- dotdotslash +=3; /* skip this instance to prevent infinite loop */
- }
-}
-
-static void makedirs(const char* name)
-{
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST)
- {
- DBG3("while mkdir %s : %s", name, strerror(errno));
- }
- errno = 0;
-}
-
-static FILE* create_fopen(char* name, char* mode, int subdirs)
-{
- char *name_stripped;
- FILE *fp;
- int mustfree = 0;
-
- if ((name_stripped = strdup(name)) != NULL)
- {
- remove_dotdotslash(name_stripped);
- name = name_stripped;
- mustfree = 1;
- }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- }
- fp = fopen(name, mode);
- if (mustfree)
- free(name_stripped);
- return fp;
-}
-
static int unzzip_cat (int argc, char ** argv, int extract)
{
int done = 0;
diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
index 73b6ed6..5a32b1d 100644
--- a/bins/unzzipcat-mix.c
+++ b/bins/unzzipcat-mix.c
@@ -24,35 +24,9 @@
#include <io.h>
#endif
-static int exitcode(int e)
-{
- switch (e)
- {
- case ZZIP_NO_ERROR:
- return EXIT_OK;
- case ZZIP_OUTOFMEM: /* out of memory */
- return EXIT_ENOMEM;
- case ZZIP_DIR_OPEN: /* failed to open zipfile, see errno for details */
- return EXIT_ZIP_NOT_FOUND;
- case ZZIP_DIR_STAT: /* failed to fstat zipfile, see errno for details */
- case ZZIP_DIR_SEEK: /* failed to lseek zipfile, see errno for details */
- case ZZIP_DIR_READ: /* failed to read zipfile, see errno for details */
- case ZZIP_DIR_TOO_SHORT:
- case ZZIP_DIR_EDH_MISSING:
- return EXIT_FILEFORMAT;
- case ZZIP_DIRSIZE:
- return EXIT_EARLY_END_OF_FILE;
- case ZZIP_ENOENT:
- return EXIT_FILE_NOT_FOUND;
- case ZZIP_UNSUPP_COMPR:
- return EXIT_UNSUPPORTED_COMPRESSION;
- case ZZIP_CORRUPTED:
- case ZZIP_UNDEF:
- case ZZIP_DIR_LARGEFILE:
- return EXIT_FILEFORMAT;
- }
- return EXIT_ERRORS;
-}
+/* Functions in unzzip.c: */
+extern int exitcode(int);
+extern FILE* create_fopen(char*, char*, int);
static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
{
@@ -69,90 +43,6 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
}
}
-/*
- * NAME: remove_dotdotslash
- * PURPOSE: To remove any "../" components from the given pathname
- * ARGUMENTS: path: path name with maybe "../" components
- * RETURNS: Nothing, "path" is modified in-place
- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
- * Also, "path" is not used after creating it.
- * So modifying "path" in-place is safe to do.
- */
-static inline void
-remove_dotdotslash(char *path)
-{
- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
- char *dotdotslash;
- int warned = 0;
-
- dotdotslash = path;
- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
- {
- /*
- * Remove only if at the beginning of the pathname ("../path/name")
- * or when preceded by a slash ("path/../name"),
- * otherwise not ("path../name..")!
- */
- if (dotdotslash == path || dotdotslash[-1] == '/')
- {
- char *src, *dst;
- if (!warned)
- {
- /* Note: the first time through the pathname is still intact */
- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
- warned = 1;
- }
- /* We cannot use strcpy(), as there "The strings may not overlap" */
- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
- ;
- }
- else
- dotdotslash +=3; /* skip this instance to prevent infinite loop */
- }
-}
-
-static void makedirs(const char* name)
-{
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST)
- {
- DBG3("while mkdir %s : %s", name, strerror(errno));
- }
- errno = 0;
-}
-
-static FILE* create_fopen(char* name, char* mode, int subdirs)
-{
- char *name_stripped;
- FILE *fp;
- int mustfree = 0;
-
- if ((name_stripped = strdup(name)) != NULL)
- {
- remove_dotdotslash(name_stripped);
- name = name_stripped;
- mustfree = 1;
- }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- }
- fp = fopen(name, mode);
- if (mustfree)
- free(name_stripped);
- return fp;
-}
-
static int unzzip_cat (int argc, char ** argv, int extract)
{
int done = 0;
diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
index 7f7f3fa..be5e7fa 100644
--- a/bins/unzzipcat-zip.c
+++ b/bins/unzzipcat-zip.c
@@ -24,35 +24,9 @@
#include <io.h>
#endif
-static int exitcode(int e)
-{
- switch (e)
- {
- case ZZIP_NO_ERROR:
- return EXIT_OK;
- case ZZIP_OUTOFMEM: /* out of memory */
- return EXIT_ENOMEM;
- case ZZIP_DIR_OPEN: /* failed to open zipfile, see errno for details */
- return EXIT_ZIP_NOT_FOUND;
- case ZZIP_DIR_STAT: /* failed to fstat zipfile, see errno for details */
- case ZZIP_DIR_SEEK: /* failed to lseek zipfile, see errno for details */
- case ZZIP_DIR_READ: /* failed to read zipfile, see errno for details */
- case ZZIP_DIR_TOO_SHORT:
- case ZZIP_DIR_EDH_MISSING:
- return EXIT_FILEFORMAT;
- case ZZIP_DIRSIZE:
- return EXIT_EARLY_END_OF_FILE;
- case ZZIP_ENOENT:
- return EXIT_FILE_NOT_FOUND;
- case ZZIP_UNSUPP_COMPR:
- return EXIT_UNSUPPORTED_COMPRESSION;
- case ZZIP_CORRUPTED:
- case ZZIP_UNDEF:
- case ZZIP_DIR_LARGEFILE:
- return EXIT_FILEFORMAT;
- }
- return EXIT_ERRORS;
-}
+/* Functions in unzzip.c: */
+extern int exitcode(int);
+extern FILE* create_fopen(char*, char*, int);
static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
{
@@ -69,90 +43,6 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
}
}
-/*
- * NAME: remove_dotdotslash
- * PURPOSE: To remove any "../" components from the given pathname
- * ARGUMENTS: path: path name with maybe "../" components
- * RETURNS: Nothing, "path" is modified in-place
- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
- * Also, "path" is not used after creating it.
- * So modifying "path" in-place is safe to do.
- */
-static inline void
-remove_dotdotslash(char *path)
-{
- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
- char *dotdotslash;
- int warned = 0;
-
- dotdotslash = path;
- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
- {
- /*
- * Remove only if at the beginning of the pathname ("../path/name")
- * or when preceded by a slash ("path/../name"),
- * otherwise not ("path../name..")!
- */
- if (dotdotslash == path || dotdotslash[-1] == '/')
- {
- char *src, *dst;
- if (!warned)
- {
- /* Note: the first time through the pathname is still intact */
- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
- warned = 1;
- }
- /* We cannot use strcpy(), as there "The strings may not overlap" */
- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
- ;
- }
- else
- dotdotslash +=3; /* skip this instance to prevent infinite loop */
- }
-}
-
-static void makedirs(const char* name)
-{
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST)
- {
- DBG3("while mkdir %s : %s", name, strerror(errno));
- }
- errno = 0;
-}
-
-static FILE* create_fopen(char* name, char* mode, int subdirs)
-{
- char *name_stripped;
- FILE *fp;
- int mustfree = 0;
-
- if ((name_stripped = strdup(name)) != NULL)
- {
- remove_dotdotslash(name_stripped);
- name = name_stripped;
- mustfree = 1;
- }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
- if (p) {
- char* dir_name = _zzip_strndup(name, p-name);
- makedirs(dir_name);
- free (dir_name);
- }
- }
- fp = fopen(name, mode);
- if (mustfree)
- free(name_stripped);
- return fp;
-}
-
static int unzzip_cat (int argc, char ** argv, int extract)
{
int done = 0;
--
2.22.0

30
zziplib/0010-Prevent-division-by-zero.patch
View File

@ -1,30 +0,0 @@
From 220b12635668fd524f950fd2e5c7635a43a90bdd Mon Sep 17 00:00:00 2001
From: Josef Moellers <jmoellers@suse.de>
Date: Mon, 1 Apr 2019 16:28:00 +0200
Subject: [PATCH 10/19] Prevent division by zero
---
bins/unzip-mem.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
index c45cb72..c576290 100644
--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
@@ -231,9 +231,12 @@ static void zzip_mem_entry_direntry(ZZIP_MEM_ENTRY* entry)
if (*name == '\n') name++;
if (option_verbose) {
+ long percentage;
+
+ percentage = usize ? (L (100 - (csize*100/usize))) : 100; /* 100% if file size is 0 */
printf("%8li%c %s %8li%c%3li%% %s %8lx %s %s\n",
L usize, exp, comprlevel[compr], L csize, exp,
- L (100 - (csize*100/usize)),
+ percentage,
_zzip_ctime(&mtime), crc32, name, comment);
} else {
printf(" %8li%c %s %s %s\n",
--
2.22.0

25
zziplib/0012-Update-unzip-mem.c.patch
View File

@ -1,25 +0,0 @@
From 82feb94da77a60c9d85e7ddfc037f363a30be457 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20M=C3=B6llers?= <josef.moellers@suse.com>
Date: Thu, 4 Apr 2019 11:30:08 +0200
Subject: [PATCH 12/19] Update unzip-mem.c
---
bins/unzip-mem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
index c576290..a42d448 100644
--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
@@ -233,7 +233,7 @@ static void zzip_mem_entry_direntry(ZZIP_MEM_ENTRY* entry)
if (option_verbose) {
long percentage;
- percentage = usize ? (L (100 - (csize*100/usize))) : 100; /* 100% if file size is 0 */
+ percentage = usize ? (L (100 - (csize*100/usize))) : 0; /* 0% if file size is 0 */
printf("%8li%c %s %8li%c%3li%% %s %8lx %s %s\n",
L usize, exp, comprlevel[compr], L csize, exp,
percentage,
--
2.22.0

26
zziplib/Pkgfile
View File

@ -4,33 +4,13 @@
# Depends on: zlib python # Depends on: zlib python
name=zziplib name=zziplib
version=0.13.69 version=0.13.71
release=2 release=1
source=(https://github.com/gdraheim/$name/archive/v$version/$name-$version.tar.gz source=(https://github.com/gdraheim/$name/archive/v$version/$name-$version.tar.gz)
0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch
0002-Fix-_zzip_strndup-strndup-is-not-available.patch
0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch
0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch
0006-One-more-free-to-avoid-memory-leak.patch
0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch
0009-Code-cleanup-in-bins.patch
0010-Prevent-division-by-zero.patch
0012-Update-unzip-mem.c.patch)
build() { build() {
cd $name-$version cd $name-$version
# Upstream bug fixes (maybe create considated patch)
patch -p1 -i $SRC/0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch
patch -p1 -i $SRC/0002-Fix-_zzip_strndup-strndup-is-not-available.patch
patch -p1 -i $SRC/0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch
patch -p1 -i $SRC/0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch
patch -p1 -i $SRC/0006-One-more-free-to-avoid-memory-leak.patch
patch -p1 -i $SRC/0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch
patch -p1 -i $SRC/0009-Code-cleanup-in-bins.patch
patch -p1 -i $SRC/0010-Prevent-division-by-zero.patch
patch -p1 -i $SRC/0012-Update-unzip-mem.c.patch
# docs building currently broken for almost 1/6 or more of manpages # docs building currently broken for almost 1/6 or more of manpages
# TODO: troubleshoot and report upstream # TODO: troubleshoot and report upstream
sed -i -e 's,^\(SUBDIRS = .*\) docs\(.*\)$,\1\2,' \ sed -i -e 's,^\(SUBDIRS = .*\) docs\(.*\)$,\1\2,' \