[xar commit] r225 - Fix an invalid free.
1 view
Skip to first unread message
codesite...@google.com
Jul 8, 2009, 11:16:42 PM7/8/09
to xar-c...@googlegroups.com
Author: bbraun
Date: Wed Jul 8 20:15:55 2009
New Revision: 225
Modified:
trunk/xar/ChangeLog
trunk/xar/lib/archive.c
Log:
Fix an invalid free.
Change xar_open() to check from checksum properties in the toc.
Modified: trunk/xar/ChangeLog
==============================================================================
--- trunk/xar/ChangeLog (original)
+++ trunk/xar/ChangeLog Wed Jul 8 20:15:55 2009
@@ -1,4 +1,7 @@
devel
+ 2009-07-08 Rob Braun bbr...@synack.net
+ * lib/archive.c: Fix an invalid free, pointed out by Randy Saldinger
+ * lib/archive.c: Have xar_open() check if there are checksum properties
in the toc and use that. If not, fall back to static location.
2008-12-19 Rob Braun bbr...@synack.net
* lib/lzmaxar.c include/xar.h.in src/xar.c: Update lzma support to
reflect the new xz naming and adjust lzma to be the old lzma format.
Changes from Anders F Bj�rklund.
2008-08-19 Rob Braun bbr...@synack.net
Modified: trunk/xar/lib/archive.c
==============================================================================
--- trunk/xar/lib/archive.c (original)
+++ trunk/xar/lib/archive.c Wed Jul 8 20:15:55 2009
@@ -330,6 +330,44 @@
EVP_DigestFinal(&XAR(ret)->toc_ctx, toccksum, &tlen);
+ const char *value;
+ uint64_t offset = 0;
+ uint64_t length = tlen;
+ if( xar_prop_get( XAR_FILE(ret) , "checksum/offset", &value) == 0 ) {
+ errno = 0;
+ offset = strtoull( value, (char **)NULL, 10);
+ if( errno != 0 ) {
+ xar_close(ret);
+ return NULL;
+ }
+ } else if( xar_signature_first(ret) != NULL ) {
+ // All archives that have a signature also specify the location
+ // of the checksum. If the location isn't specified, error out.
+ xar_close(ret);
+ return NULL;
+ }
+
+ XAR(ret)->heap_offset = xar_get_heap_offset(ret) + offset;
+ if( lseek(XAR(ret)->fd, XAR(ret)->heap_offset, SEEK_SET) == -1 ) {
+ xar_close(ret);
+ return NULL;
+ }
+ if( xar_prop_get( XAR_FILE(ret) , "checksum/size", &value) == 0 ) {
+ errno = 0;
+ length = strtoull( value, (char **)NULL, 10);
+ if( errno != 0 ) {
+ xar_close(ret);
+ return NULL;
+ }
+ } else if( xar_signature_first(ret) != NULL ) {
+ xar_close(ret);
+ return NULL;
+ }
+ if( length != tlen ) {
+ xar_close(ret);
+ return NULL;
+ }
+
xar_read_fd(XAR(ret)->fd, cval, tlen);
XAR(ret)->heap_offset += tlen;
if( memcmp(cval, toccksum, tlen) != 0 ) {
@@ -1234,7 +1272,7 @@
ret = xar_arcmod_extract(x,f,NULL,*buffer,*size);
if( ret ) {
*size = 0;
- free(buffer);
+ free(*buffer);
*buffer = NULL;
}
Date: Wed Jul 8 20:15:55 2009
New Revision: 225
Modified:
trunk/xar/ChangeLog
trunk/xar/lib/archive.c
Log:
Fix an invalid free.
Change xar_open() to check from checksum properties in the toc.
Modified: trunk/xar/ChangeLog
==============================================================================
--- trunk/xar/ChangeLog (original)
+++ trunk/xar/ChangeLog Wed Jul 8 20:15:55 2009
@@ -1,4 +1,7 @@
devel
+ 2009-07-08 Rob Braun bbr...@synack.net
+ * lib/archive.c: Fix an invalid free, pointed out by Randy Saldinger
+ * lib/archive.c: Have xar_open() check if there are checksum properties
in the toc and use that. If not, fall back to static location.
2008-12-19 Rob Braun bbr...@synack.net
* lib/lzmaxar.c include/xar.h.in src/xar.c: Update lzma support to
reflect the new xz naming and adjust lzma to be the old lzma format.
Changes from Anders F Bj�rklund.
2008-08-19 Rob Braun bbr...@synack.net
Modified: trunk/xar/lib/archive.c
==============================================================================
--- trunk/xar/lib/archive.c (original)
+++ trunk/xar/lib/archive.c Wed Jul 8 20:15:55 2009
@@ -330,6 +330,44 @@
EVP_DigestFinal(&XAR(ret)->toc_ctx, toccksum, &tlen);
+ const char *value;
+ uint64_t offset = 0;
+ uint64_t length = tlen;
+ if( xar_prop_get( XAR_FILE(ret) , "checksum/offset", &value) == 0 ) {
+ errno = 0;
+ offset = strtoull( value, (char **)NULL, 10);
+ if( errno != 0 ) {
+ xar_close(ret);
+ return NULL;
+ }
+ } else if( xar_signature_first(ret) != NULL ) {
+ // All archives that have a signature also specify the location
+ // of the checksum. If the location isn't specified, error out.
+ xar_close(ret);
+ return NULL;
+ }
+
+ XAR(ret)->heap_offset = xar_get_heap_offset(ret) + offset;
+ if( lseek(XAR(ret)->fd, XAR(ret)->heap_offset, SEEK_SET) == -1 ) {
+ xar_close(ret);
+ return NULL;
+ }
+ if( xar_prop_get( XAR_FILE(ret) , "checksum/size", &value) == 0 ) {
+ errno = 0;
+ length = strtoull( value, (char **)NULL, 10);
+ if( errno != 0 ) {
+ xar_close(ret);
+ return NULL;
+ }
+ } else if( xar_signature_first(ret) != NULL ) {
+ xar_close(ret);
+ return NULL;
+ }
+ if( length != tlen ) {
+ xar_close(ret);
+ return NULL;
+ }
+
xar_read_fd(XAR(ret)->fd, cval, tlen);
XAR(ret)->heap_offset += tlen;
if( memcmp(cval, toccksum, tlen) != 0 ) {
@@ -1234,7 +1272,7 @@
ret = xar_arcmod_extract(x,f,NULL,*buffer,*size);
if( ret ) {
*size = 0;
- free(buffer);
+ free(*buffer);
*buffer = NULL;
}
Reply all
Reply to author
Forward
0 new messages