1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
The commit is required by the fix for CVE-2021-41072.
Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001
From: Phillip Lougher <phillip@squashfs.org.uk>
Date: Sun, 12 Sep 2021 20:09:13 +0100
Subject: [PATCH] unsquashfs: dynamically allocate name
Dynamically allocate name rather than store it
directly in structure.
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
---
squashfs-tools/unsquash-1.c | 2 +-
squashfs-tools/unsquash-1234.c | 5 +++++
squashfs-tools/unsquash-2.c | 2 +-
squashfs-tools/unsquash-3.c | 2 +-
squashfs-tools/unsquash-4.c | 2 +-
squashfs-tools/unsquashfs.h | 2 +-
6 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
index 7598499..d0121c6 100644
--- a/squashfs-tools/unsquash-1.c
+++ b/squashfs-tools/unsquash-1.c
@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
dir->dirs = new_dir;
}
- strcpy(dir->dirs[dir->dir_count].name, dire->name);
+ dir->dirs[dir->dir_count].name = strdup(dire->name);
dir->dirs[dir->dir_count].start_block =
dirh.start_block;
dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
index 0c8dfbb..ac46d9d 100644
--- a/squashfs-tools/unsquash-1234.c
+++ b/squashfs-tools/unsquash-1234.c
@@ -60,6 +60,11 @@ int check_name(char *name, int size)
void squashfs_closedir(struct dir *dir)
{
+ int i;
+
+ for(i = 0; i < dir->dir_count; i++)
+ free(dir->dirs[i].name);
+
free(dir->dirs);
free(dir);
}
diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
index 86f62ba..e847980 100644
--- a/squashfs-tools/unsquash-2.c
+++ b/squashfs-tools/unsquash-2.c
@@ -452,7 +452,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
dir->dirs = new_dir;
}
- strcpy(dir->dirs[dir->dir_count].name, dire->name);
+ dir->dirs[dir->dir_count].name = strdup(dire->name);
dir->dirs[dir->dir_count].start_block =
dirh.start_block;
dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
index c04aa9e..8223f27 100644
--- a/squashfs-tools/unsquash-3.c
+++ b/squashfs-tools/unsquash-3.c
@@ -486,7 +486,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
dir->dirs = new_dir;
}
- strcpy(dir->dirs[dir->dir_count].name, dire->name);
+ dir->dirs[dir->dir_count].name = strdup(dire->name);
dir->dirs[dir->dir_count].start_block =
dirh.start_block;
dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
index ff62dcc..1e199a7 100644
--- a/squashfs-tools/unsquash-4.c
+++ b/squashfs-tools/unsquash-4.c
@@ -423,7 +423,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
dir->dirs = new_dir;
}
- strcpy(dir->dirs[dir->dir_count].name, dire->name);
+ dir->dirs[dir->dir_count].name = strdup(dire->name);
dir->dirs[dir->dir_count].start_block =
dirh.start_block;
dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
index 5ecb2ab..583fbe4 100644
--- a/squashfs-tools/unsquashfs.h
+++ b/squashfs-tools/unsquashfs.h
@@ -164,7 +164,7 @@ struct queue {
#define DIR_ENT_SIZE 16
struct dir_ent {
- char name[SQUASHFS_NAME_LEN + 1];
+ char *name;
unsigned int start_block;
unsigned int offset;
unsigned int type;
--
2.17.1
|
