Path: blob/main/archivers/fastjar/files/patch-jartool.c
16461 views
--- jartool.c.orig 2025-02-09 11:28:36 UTC1+++ jartool.c2@@ -790,6 +790,7 @@ int read_entries (int fd)3progname, jarfile);4return 1;5}6+ ze->filename[len] = '\0';7len = UNPACK_UB4(header, CEN_EFLEN);8len += UNPACK_UB4(header, CEN_COMLEN);9if (lseek (fd, len, SEEK_CUR) == -1)10@@ -1257,7 +1258,7 @@ int add_file_to_jar(int jfd, int ffd, const char *fnam11exit_on_error("write");1213/* write the file name to the zip file */14- if (1 == write(jfd, fname, file_name_length))15+ if (-1 == write(jfd, fname, file_name_length))16exit_on_error("write");1718if(verbose){19@@ -1273,15 +1274,18 @@ int add_file_to_jar(int jfd, int ffd, const char *fnam20compress_file(ffd, jfd, ze, existing);21} else {22/* If we are not writing the last entry, make space for it. */23- if (existing && existing->next_entry)24+ if (existing)25{26- if (ze->usize > existing->usize)27+ if (existing->next_entry)28{29- if (shift_down (jfd, existing->next_entry->offset,30- ze->usize - existing->usize, existing->next_entry))31+ if (ze->usize > existing->usize)32{33- fprintf (stderr, "%s: %s\n", progname, strerror (errno));34- return 1;35+ if (shift_down (jfd, existing->next_entry->offset,36+ ze->usize - existing->usize, existing->next_entry))37+ {38+ fprintf (stderr, "%s: %s\n", progname, strerror (errno));39+ return 1;40+ }41}42}43}44@@ -1730,33 +1734,46 @@ int extract_jar(int fd, const char **files, int file_n45struct stat sbuf;46int depth = 0;4748- tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));49+ if(*filename == '/'){50+ fprintf(stderr, "Absolute path names are not allowed.\n");51+ exit(EXIT_FAILURE);52+ }5354+ tmp_buff = malloc(strlen((const char *)filename));55+56+ if(tmp_buff == NULL) {57+ fprintf(stderr, "Out of memory.\n");58+ exit(EXIT_FAILURE);59+ }60+61for(;;){62const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');6364if(idx == NULL)65break;66else if(idx == start){67+ tmp_buff[idx - filename] = '/';68start++;69continue;70}71- start = idx + 1;7273- strncpy(tmp_buff, (const char *)filename, (idx - filename));74- tmp_buff[(idx - filename)] = '\0';75+ memcpy(tmp_buff + (start - filename), (const char *)start, (idx - start));76+ tmp_buff[idx - filename] = '\0';7778#ifdef DEBUG79printf("checking the existance of %s\n", tmp_buff);80#endif81- if(strcmp(tmp_buff, "..") == 0){82+ if(idx - start == 2 && memcmp(start, "..", 2) == 0){83--depth;84if (depth < 0){85fprintf(stderr, "Traversal to parent directories during unpacking!\n");86exit(EXIT_FAILURE);87}88- } else if (strcmp(tmp_buff, ".") != 0)89+ } else if (idx - start != 1 || *start != '.')90++depth;91+92+ start = idx + 1;93+94if(stat(tmp_buff, &sbuf) < 0){95if(errno != ENOENT)96exit_on_error("stat");97@@ -1765,6 +1782,7 @@ int extract_jar(int fd, const char **files, int file_n98#ifdef DEBUG99printf("Directory exists\n");100#endif101+ tmp_buff[idx - filename] = '/';102continue;103}else {104fprintf(stderr, "Hmmm.. %s exists but isn't a directory!\n",105@@ -1781,10 +1799,11 @@ int extract_jar(int fd, const char **files, int file_n106if(verbose && handle)107printf("%10s: %s/\n", "created", tmp_buff);108109+ tmp_buff[idx - filename] = '/';110}111112/* only a directory */113- if(strlen((const char *)start) == 0)114+ if(*start == '\0')115dir = TRUE;116117#ifdef DEBUG118@@ -1792,7 +1811,7 @@ int extract_jar(int fd, const char **files, int file_n119#endif120121/* If the entry was just a directory, don't write to file, etc */122- if(strlen((const char *)start) == 0)123+ if(*start == '\0')124f_fd = -1;125126free(tmp_buff);127@@ -1876,7 +1895,8 @@ int extract_jar(int fd, const char **files, int file_n128exit(EXIT_FAILURE);129}130131- close(f_fd);132+ if (f_fd != -1)133+ close(f_fd);134135if(verbose && dir == FALSE && handle)136printf("%10s: %s\n",137138139