1The commit is required by the fix for CVE-2021-41072. 2 3Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e] 4 5Signed-off-by: Kai Kang <kai.kang@windriver.com> 6 7From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001 8From: Phillip Lougher <phillip@squashfs.org.uk> 9Date: Sun, 12 Sep 2021 20:09:13 +0100 10Subject: [PATCH] unsquashfs: dynamically allocate name 11 12Dynamically allocate name rather than store it 13directly in structure. 14 15Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk> 16--- 17 squashfs-tools/unsquash-1.c | 2 +- 18 squashfs-tools/unsquash-1234.c | 5 +++++ 19 squashfs-tools/unsquash-2.c | 2 +- 20 squashfs-tools/unsquash-3.c | 2 +- 21 squashfs-tools/unsquash-4.c | 2 +- 22 squashfs-tools/unsquashfs.h | 2 +- 23 6 files changed, 10 insertions(+), 5 deletions(-) 24 25diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c 26index 7598499..d0121c6 100644 27--- a/squashfs-tools/unsquash-1.c 28+++ b/squashfs-tools/unsquash-1.c 29@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse 30 dir->dirs = new_dir; 31 } 32 33- strcpy(dir->dirs[dir->dir_count].name, dire->name); 34+ dir->dirs[dir->dir_count].name = strdup(dire->name); 35 dir->dirs[dir->dir_count].start_block = 36 dirh.start_block; 37 dir->dirs[dir->dir_count].offset = dire->offset; 38diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c 39index 0c8dfbb..ac46d9d 100644 40--- a/squashfs-tools/unsquash-1234.c 41+++ b/squashfs-tools/unsquash-1234.c 42@@ -60,6 +60,11 @@ int check_name(char *name, int size) 43 44 void squashfs_closedir(struct dir *dir) 45 { 46+ int i; 47+ 48+ for(i = 0; i < dir->dir_count; i++) 49+ free(dir->dirs[i].name); 50+ 51 free(dir->dirs); 52 free(dir); 53 } 54diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c 55index 86f62ba..e847980 100644 56--- a/squashfs-tools/unsquash-2.c 57+++ b/squashfs-tools/unsquash-2.c 58@@ -452,7 +452,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse 59 dir->dirs = new_dir; 60 } 61 62- strcpy(dir->dirs[dir->dir_count].name, dire->name); 63+ dir->dirs[dir->dir_count].name = strdup(dire->name); 64 dir->dirs[dir->dir_count].start_block = 65 dirh.start_block; 66 dir->dirs[dir->dir_count].offset = dire->offset; 67diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c 68index c04aa9e..8223f27 100644 69--- a/squashfs-tools/unsquash-3.c 70+++ b/squashfs-tools/unsquash-3.c 71@@ -486,7 +486,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse 72 dir->dirs = new_dir; 73 } 74 75- strcpy(dir->dirs[dir->dir_count].name, dire->name); 76+ dir->dirs[dir->dir_count].name = strdup(dire->name); 77 dir->dirs[dir->dir_count].start_block = 78 dirh.start_block; 79 dir->dirs[dir->dir_count].offset = dire->offset; 80diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c 81index ff62dcc..1e199a7 100644 82--- a/squashfs-tools/unsquash-4.c 83+++ b/squashfs-tools/unsquash-4.c 84@@ -423,7 +423,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse 85 dir->dirs = new_dir; 86 } 87 88- strcpy(dir->dirs[dir->dir_count].name, dire->name); 89+ dir->dirs[dir->dir_count].name = strdup(dire->name); 90 dir->dirs[dir->dir_count].start_block = 91 dirh.start_block; 92 dir->dirs[dir->dir_count].offset = dire->offset; 93diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h 94index 5ecb2ab..583fbe4 100644 95--- a/squashfs-tools/unsquashfs.h 96+++ b/squashfs-tools/unsquashfs.h 97@@ -164,7 +164,7 @@ struct queue { 98 #define DIR_ENT_SIZE 16 99 100 struct dir_ent { 101- char name[SQUASHFS_NAME_LEN + 1]; 102+ char *name; 103 unsigned int start_block; 104 unsigned int offset; 105 unsigned int type; 106-- 1072.17.1 108 109