mirror of https://github.com/gryf/gryf-overlay.git synced 2026-03-11 05:25:47 +01:00

Removed old unadf, cleaned up version 0.7.12.

2021-07-09 18:11:30 +02:00
parent a72af5afb9
commit 1f3899d5ad
9 changed files with 178 additions and 2738 deletions



@@ -1,44 +0,0 @@
Description: Add hardening flags in compiler options
Author: Boris Pek <tehnick-8@mail.ru>
Last-Update: 2012-06-19
--- a/Demo/Makefile
+++ b/Demo/Makefile
@@ -8,6 +8,9 @@
CFLAGS=-I$(LIBDIR) -Wall -Wno-uninitialized -pedantic -std=gnu99 -ggdb
LDFLAGS=-L$(LIBDIR) -ladf
+CFLAGS+=$(shell dpkg-buildflags --get CFLAGS) $(shell dpkg-buildflags --get CPPFLAGS)
+LDFLAGS+=$(shell dpkg-buildflags --get LDFLAGS) -Wl,--as-needed
+
EXES= unadf
--- a/Lib/Makefile
+++ b/Lib/Makefile
@@ -16,11 +16,13 @@
DEFINES=
CFLAGS=$(DEFINES) -I${NATIV_DIR} -I.. -I. -Wall -ggdb -std=gnu99
+CFLAGS+=$(shell dpkg-buildflags --get CFLAGS) $(shell dpkg-buildflags --get CPPFLAGS)
CC=gcc
DEPEND=makedepend
LDFLAGS=-L. -ladf
+LDFLAGS+=$(shell dpkg-buildflags --get LDFLAGS) -Wl,--as-needed
LDSHARED=$(CC)
OBJS= adf_hd.o adf_disk.o adf_raw.o adf_bitm.o adf_dump.o\
--- a/Demo/unadf.c
+++ b/Demo/unadf.c
@@ -489,8 +489,7 @@
dev = adfMountDev( devname,TRUE );
if (!dev) {
- sprintf(strbuf,"Can't mount the dump device '%s'.\n", devname);
- fprintf(stderr, strbuf);
+ fprintf(stderr,"Can't mount the dump device '%s'.\n", devname);
adfEnvCleanUp(); exit(1);
}
if (!qflag)


@@ -1,100 +0,0 @@
Description: fix header files
Last-Update: 2012-05-31
--- unadf-0.7.11a.orig/Lib/adf_env.c
+++ unadf-0.7.11a/Lib/adf_env.c
@@ -33,7 +33,7 @@
#include"adf_nativ.h"
#include"adf_env.h"
-#include"defendian.h"
+#include"Win32/defendian.h"
union u{
long l;
--- unadf-0.7.11a.orig/Lib/adf_file.c
+++ unadf-0.7.11a/Lib/adf_file.c
@@ -31,7 +31,7 @@
#include"adf_util.h"
#include"adf_file.h"
#include"adf_str.h"
-#include"defendian.h"
+#include"Win32/defendian.h"
#include"adf_raw.h"
#include"adf_disk.h"
#include"adf_dir.h"
--- unadf-0.7.11a.orig/Lib/adf_dir.c
+++ unadf-0.7.11a/Lib/adf_dir.c
@@ -32,7 +32,7 @@
#include"adf_dir.h"
#include"adf_str.h"
#include"adf_util.h"
-#include"defendian.h"
+#include"Win32/defendian.h"
#include"adf_blk.h"
#include"adf_raw.h"
#include"adf_disk.h"
--- unadf-0.7.11a.orig/Lib/adf_raw.c
+++ unadf-0.7.11a/Lib/adf_raw.c
@@ -35,7 +35,7 @@
#include "adf_disk.h"
#include "adf_util.h"
#include "adf_err.h"
-#include "defendian.h"
+#include "Win32/defendian.h"
extern struct Env adfEnv;
--- unadf-0.7.11a.orig/Lib/adf_bitm.c
+++ unadf-0.7.11a/Lib/adf_bitm.c
@@ -33,7 +33,7 @@
#include"adf_err.h"
#include"adf_disk.h"
#include"adf_util.h"
-#include"defendian.h"
+#include"Win32/defendian.h"
extern unsigned long bitMask[32];
--- unadf-0.7.11a.orig/Lib/adf_cache.c
+++ unadf-0.7.11a/Lib/adf_cache.c
@@ -31,7 +31,7 @@
#include"adf_defs.h"
#include"adf_str.h"
#include"adf_err.h"
-#include"defendian.h"
+#include"Win32/defendian.h"
#include"adf_cache.h"
#include"adf_raw.h"
#include"adf_disk.h"
--- unadf-0.7.11a.orig/Lib/adf_hd.c
+++ unadf-0.7.11a/Lib/adf_hd.c
@@ -41,7 +41,7 @@
#include"adf_dump.h"
#include"adf_err.h"
-#include"defendian.h"
+#include"Win32/defendian.h"
extern struct Env adfEnv;
--- unadf-0.7.11a.orig/Lib/Generic/adf_nativ.c
+++ unadf-0.7.11a/Lib/Generic/adf_nativ.c
@@ -20,7 +20,6 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
- */
#include<stdio.h>
#include<stdlib.h>
--- unadf-0.7.11a.orig/Lib/Generic/adf_nativ.h
+++ unadf-0.7.11a/Lib/Generic/adf_nativ.h
@@ -20,7 +20,6 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
- */
#ifndef ADF_NATIV_H
#define ADF_NATIV_H


@@ -0,0 +1,146 @@
Description: Fix unsafe extraction by using mkdir() instead of shell command
This commit fixes following vulnerabilities:
- CVE-2016-1243: stack buffer overflow caused by blindly trusting on
pathname lengths of archived files
Stack allocated buffer sysbuf was filled with sprintf() without any
bounds checking in extracTree() function.
- CVE-2016-1244: execution of unsanitized input
Shell command used for creating directory paths was constructed by
concatenating names of archived files to the end of the command
string.
So, if the user was tricked to extract a specially crafted .adf file,
the attacker was able to execute arbitrary code with privileges of the
user.
This commit fixes both issues by
1) replacing mkdir shell commands with mkdir() function calls
2) removing redundant sysbuf buffer
Author: Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>
Last-Update: 2016-09-20
--
--- a/examples/unadf.c
+++ b/examples/unadf.c
@@ -24,6 +24,8 @@
#define UNADF_VERSION "1.0"
+#include <sys/stat.h>
+#include <sys/types.h>
#include<stdlib.h>
#include<errno.h>
@@ -31,17 +33,15 @@
#include "adflib.h"
-/* The portable way used to create a directory is to call the MKDIR command via the
- * system() function.
- * It is used to create the 'dir1' directory, like the 'dir1/dir11' directory
+/* The portable way used to create a directory is to call mkdir()
+ * which is defined by following standards: SVr4, BSD, POSIX.1-2001
+ * and POSIX.1-2008
*/
/* the portable way to check if a directory 'dir1' already exists i'm using is to
* do fopen('dir1','rb'). NULL is returned if 'dir1' doesn't exists yet, an handle instead
*/
-#define MKDIR "mkdir"
-
#ifdef WIN32
#define DIRSEP '\\'
#else
@@ -51,6 +51,13 @@
#define EXTBUFL 1024*8
+static void mkdirOrLogErr(const char *const path)
+{
+ if (mkdir(path, S_IRWXU | S_IRWXG | S_IRWXO))
+ fprintf(stderr, "mkdir: cannot create directory '%s': %s\n",
+ path, strerror(errno));
+}
+
void help()
{
puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]");
@@ -152,7 +159,6 @@ void extractTree(struct Volume *vol, str
{
struct Entry* entry;
char *buf;
- char sysbuf[200];
while(tree) {
entry = (struct Entry*)tree->content;
@@ -162,16 +168,14 @@ void extractTree(struct Volume *vol, str
buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1);
if (!buf) return;
sprintf(buf,"%s%c%s",path,DIRSEP,entry->name);
- sprintf(sysbuf,"%s %s",MKDIR,buf);
if (!qflag) printf("x - %s%c\n",buf,DIRSEP);
+ if (!pflag) mkdirOrLogErr(buf);
}
else {
- sprintf(sysbuf,"%s %s",MKDIR,entry->name);
if (!qflag) printf("x - %s%c\n",entry->name,DIRSEP);
+ if (!pflag) mkdirOrLogErr(entry->name);
}
- if (!pflag) system(sysbuf);
-
if (tree->subdir!=NULL) {
if (adfChangeDir(vol,entry->name)==RC_OK) {
if (buf!=NULL)
@@ -301,21 +305,20 @@ void processFile(struct Volume *vol, cha
extractFile(vol, name, path, extbuf, pflag, qflag);
}
else {
- /* the all-in-one string : to call system(), to find the filename, the convert dir sep char ... */
- bigstr=(char*)malloc(strlen(MKDIR)+1+strlen(path)+1+strlen(name)+1);
+ bigstr=(char*)malloc(strlen(path)+1+strlen(name)+1);
if (!bigstr) { fprintf(stderr,"processFile : malloc"); return; }
/* to build to extract path */
if (strlen(path)>0) {
- sprintf(bigstr,"%s %s%c%s",MKDIR,path,DIRSEP,name);
- cdstr = bigstr+strlen(MKDIR)+1+strlen(path)+1;
+ sprintf(bigstr,"%s%c%s",path,DIRSEP,name);
+ cdstr = bigstr+strlen(path)+1;
}
else {
- sprintf(bigstr,"%s %s",MKDIR,name);
- cdstr = bigstr+strlen(MKDIR)+1;
+ sprintf(bigstr,"%s",name);
+ cdstr = bigstr;
}
/* the directory in which the file will be extracted */
- fullname = bigstr+strlen(MKDIR)+1;
+ fullname = bigstr;
/* finds the filename, and separates it from the path */
filename = strrchr(bigstr,'/')+1;
@@ -333,7 +336,7 @@ void processFile(struct Volume *vol, cha
return;
tfile = fopen(fullname,"r"); /* the only portable way to test if the dir exists */
if (tfile==NULL) { /* does't exist : create it */
- if (!pflag) system(bigstr);
+ if (!pflag) mkdirOrLogErr(bigstr);
if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
}
else
@@ -350,7 +353,7 @@ void processFile(struct Volume *vol, cha
return;
tfile = fopen(fullname,"r");
if (tfile==NULL) {
- if (!pflag) system(bigstr);
+ if (!pflag) mkdirOrLogErr(bigstr);
if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
}
else
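Review bot: The names handed to `mkdirOrLogErr()` in `extractTree()` and `processFile()` are still taken verbatim from the ADF image (`entry->name`, `name`), and nothing in these hunks rejects a `..` component or a name containing a path separator. The patch removes the shell and the fixed-size `sysbuf`, but a crafted image may still be able to create directories outside the extraction directory; whether ADFlib filters such names is not visible here. I would add an explicit guard at the top of the `while(tree)` body, before `buf` is allocated, for example `if (!strcmp(entry->name, "..") || strchr(entry->name, '/')) { tree = tree->next; continue; }`, and apply the same per-component check to the path that `processFile()` walks before each `mkdirOrLogErr(bigstr)`. Both function bodies start and end outside the hunks shown, so the exact placement needs checking against the full file.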


@@ -1,14 +1,6 @@
--- adflib-0.7.12/examples/unadf.c 2006-12-03 17:22:38.000000000 +0100
+++ adflib-0.7.12-patched/examples/unadf.c 2014-02-23 09:45:29.315626096 +0100
@@ -50,7 +50,6 @@
#define EXTBUFL 1024*8
-
void help()
{
puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]");
@@ -58,6 +57,7 @@
--- adflib-0.7.12_a/examples/unadf.c 2021-07-09 17:38:47.980770205 +0200
+++ adflib-0.7.12_b/examples/unadf.c 2021-07-09 17:54:32.548793259 +0200
@@ -65,6 +65,7 @@
puts(" -r : lists directory tree contents");
puts(" -c : use dircache data (must be used with -l)");
puts(" -s : display entries logical block pointer (must be used with -l)");
@@ -16,7 +8,7 @@
putchar('\n');
puts(" -v n : mount volume #n instead of default #0 volume");
putchar('\n');
@@ -65,7 +65,8 @@
@@ -72,7 +73,8 @@
puts(" -d dir : extract to 'dir' directory");
}
@@ -26,7 +18,7 @@
{
/* do not print the links entries, ADFlib do not support them yet properly */
if (entry->type==ST_LFILE || entry->type==ST_LDIR || entry->type==ST_LSOFT)
@@ -74,12 +75,12 @@
@@ -81,12 +83,12 @@
if (entry->type==ST_DIR)
printf(" ");
else
@@ -41,7 +33,7 @@
if (strlen(path)>0)
printf(" %s/",path);
@@ -89,7 +90,7 @@
@@ -96,7 +98,7 @@
printf("%s/",entry->name);
else
printf("%s",entry->name);
@@ -50,7 +42,7 @@
printf(", %s",entry->comment);
putchar('\n');
@@ -199,13 +200,14 @@
@@ -203,13 +205,14 @@
}
@@ -67,7 +59,7 @@
if (tree->subdir!=NULL) {
entry = (struct Entry*)tree->content;
if (strlen(path)>0) {
@@ -215,11 +217,11 @@
@@ -219,11 +222,11 @@
return;
}
sprintf(buf,"%s/%s", path, entry->name);
@@ -81,7 +73,7 @@
}
tree = tree->next;
}
@@ -243,7 +245,7 @@
@@ -247,7 +250,7 @@
printf("???"); break;
}
@@ -90,7 +82,7 @@
printf(". Volumes = %d\n",dev->nVol);
}
@@ -273,7 +275,7 @@
@@ -277,7 +280,7 @@
if (vol->volName!=NULL)
printf(" \"%s\"", vol->volName);
@@ -99,7 +91,7 @@
printf(" %s ",isFFS(vol->dosType) ? "FFS" : "OFS");
if (isINTL(vol->dosType))
@@ -370,12 +372,10 @@
@@ -373,7 +376,7 @@
int main(int argc, char* argv[])
{
int i, j;
@@ -107,43 +99,27 @@
+ BOOL rflag, lflag, xflag, cflag, vflag, sflag, dflag, pflag, qflag, mflag;
struct List* files, *rtfiles;
char *devname, *dirname;
- char strbuf[80];
unsigned char *extbuf;
- int vInd, dInd, fInd, aInd;
BOOL nextArg;
struct Device *dev;
@@ -389,8 +389,7 @@
char strbuf[80];
@@ -392,7 +395,7 @@
exit(0);
}
- rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = FALSE;
- vInd = dInd = fInd = aInd = -1;
+ rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = mflag = FALSE;
vInd = dInd = fInd = aInd = -1;
xflag = TRUE;
dirname = NULL;
devname = NULL;
@@ -430,6 +429,9 @@
@@ -433,6 +436,9 @@
case 's':
sflag = TRUE;
break;
+ case 'm':
+ case 'm':
+ mflag = TRUE;
+ break;
case 'c':
cflag = TRUE;
break;
@@ -489,8 +491,7 @@
dev = adfMountDev( devname,TRUE );
if (!dev) {
- sprintf(strbuf,"Can't mount the dump device '%s'.\n", devname);
- fprintf(stderr, strbuf);
+ fprintf(stderr,"Can't mount the dump device '%s'.\n", devname);
adfEnvCleanUp(); exit(1);
}
if (!qflag)
@@ -523,13 +524,13 @@
@@ -526,13 +532,13 @@
if (!rflag) {
cell = list = adfGetDirEnt(vol,vol->curDirPtr);
while(cell) {


@@ -1,122 +0,0 @@
diff -ur unadf-0.7.11a.orig/Demo/unadf.c unadf-0.7.11a/Demo/unadf.c
--- unadf-0.7.11a.orig/Demo/unadf.c 2013-05-12 17:59:51.214905177 +0200
+++ unadf-0.7.11a/Demo/unadf.c 2013-05-12 17:50:06.843420519 +0200
@@ -58,6 +58,7 @@
puts(" -r : lists directory tree contents");
puts(" -c : use dircache data (must be used with -l)");
puts(" -s : display entries logical block pointer (must be used with -l)");
+ puts(" -m : display file comments, if exists (must be used with -l)");
putchar('\n');
puts(" -v n : mount volume #n instead of default #0 volume");
putchar('\n');
@@ -65,7 +66,8 @@
puts(" -d dir : extract to 'dir' directory");
}
-void printEnt(struct Volume *vol, struct Entry* entry, char *path, BOOL sect)
+void printEnt(struct Volume *vol, struct Entry* entry, char *path, BOOL sect,
+ BOOL comment)
{
/* do not print the links entries, ADFlib do not support them yet properly */
if (entry->type==ST_LFILE || entry->type==ST_LDIR || entry->type==ST_LSOFT)
@@ -89,7 +91,7 @@
printf("%s/",entry->name);
else
printf("%s",entry->name);
- if (entry->comment!=NULL && strlen(entry->comment)>0)
+ if (comment && entry->comment!=NULL && strlen(entry->comment)>0)
printf(", %s",entry->comment);
putchar('\n');
@@ -199,13 +201,14 @@
}
-void printTree(struct Volume *vol, struct List* tree, char* path, BOOL sect)
+void printTree(struct Volume *vol, struct List* tree, char* path, BOOL sect,
+ BOOL comment)
{
char *buf;
struct Entry* entry;
while(tree) {
- printEnt(vol, tree->content, path, sect);
+ printEnt(vol, tree->content, path, sect, comment);
if (tree->subdir!=NULL) {
entry = (struct Entry*)tree->content;
if (strlen(path)>0) {
@@ -215,11 +218,11 @@
return;
}
sprintf(buf,"%s/%s", path, entry->name);
- printTree(vol, tree->subdir, buf, sect);
+ printTree(vol, tree->subdir, buf, sect, comment);
free(buf);
}
else
- printTree(vol, tree->subdir, entry->name, sect);
+ printTree(vol, tree->subdir, entry->name, sect, comment);
}
tree = tree->next;
}
@@ -370,12 +373,10 @@
int main(int argc, char* argv[])
{
int i, j;
- BOOL rflag, lflag, xflag, cflag, vflag, sflag, dflag, pflag, qflag;
+ BOOL rflag, lflag, xflag, cflag, vflag, sflag, dflag, pflag, qflag, mflag;
struct List* files, *rtfiles;
char *devname, *dirname;
- char strbuf[80];
unsigned char *extbuf;
- int vInd, dInd, fInd, aInd;
BOOL nextArg;
struct Device *dev;
@@ -389,8 +390,7 @@
exit(0);
}
- rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = FALSE;
- vInd = dInd = fInd = aInd = -1;
+ rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = mflag = FALSE;
xflag = TRUE;
dirname = NULL;
devname = NULL;
@@ -430,6 +430,9 @@
case 's':
sflag = TRUE;
break;
+ case 'm':
+ mflag = TRUE;
+ break;
case 'c':
cflag = TRUE;
break;
@@ -522,13 +525,13 @@
if (!rflag) {
cell = list = adfGetDirEnt(vol,vol->curDirPtr);
while(cell) {
- printEnt(vol,cell->content,"", sflag);
+ printEnt(vol,cell->content,"", sflag, mflag);
cell = cell->next;
}
adfFreeDirList(list);
} else {
cell = list = adfGetRDirEnt(vol,vol->curDirPtr,TRUE);
- printTree(vol,cell,"", sflag);
+ printTree(vol,cell,"", sflag, mflag);
adfFreeDirList(list);
}
}else if (xflag) {
diff -ur unadf-0.7.11a.orig/Demo/unadf.usage unadf-0.7.11a/Demo/unadf.usage
--- unadf-0.7.11a.orig/Demo/unadf.usage 2006-12-03 15:27:00.000000000 +0100
+++ unadf-0.7.11a/Demo/unadf.usage 2013-05-12 17:40:23.116966854 +0200
@@ -3,6 +3,7 @@
-r : lists directory tree contents
-c : use dircache data (must be used with -l)
-s : display entries logical block pointer (must be used with -l)
+ -m : display file comments, if exists (must be used with -l)
-v n : mount volume #n instead of default #0 volume