Skip to content

Commit

Permalink
MFV r305816:
Browse files Browse the repository at this point in the history
Sync libarchive with vendor including important security fixes.

Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions

This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Fix for vulnerability #2 has already been merged in r304989.

MFC after:	1 week
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
  • Loading branch information
mmatuska committed Sep 14, 2016
1 parent 6b0578f commit dfb2179
Show file tree
Hide file tree
Showing 10 changed files with 469 additions and 152 deletions.
9 changes: 9 additions & 0 deletions contrib/libarchive/libarchive/archive_platform.h
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,15 @@
#define CAN_RESTORE_METADATA_FD
#endif

/*
* glibc 2.24 deprecates readdir_r
*/
#if defined(HAVE_READDIR_R) && (!defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || __GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 24))
#define USE_READDIR_R 1
#else
#undef USE_READDIR_R
#endif

/* Set up defaults for internal error codes. */
#ifndef ARCHIVE_ERRNO_FILE_FORMAT
#if HAVE_EFTYPE
Expand Down
128 changes: 94 additions & 34 deletions contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c
Original file line number Diff line number Diff line change
Expand Up @@ -411,9 +411,7 @@ setup_acls(struct archive_read_disk *a,
{
const char *accpath;
acl_t acl;
#if HAVE_ACL_IS_TRIVIAL_NP
int r;
#endif

accpath = archive_entry_sourcepath(entry);
if (accpath == NULL)
Expand Down Expand Up @@ -473,9 +471,13 @@ setup_acls(struct archive_read_disk *a,
}
#endif
if (acl != NULL) {
translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
r = translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
acl_free(acl);
return (ARCHIVE_OK);
if (r != ARCHIVE_OK) {
archive_set_error(&a->archive, errno,
"Couldn't translate NFSv4 ACLs: %s", accpath);
}
return (r);
}
#endif /* ACL_TYPE_NFS4 */

Expand Down Expand Up @@ -506,19 +508,30 @@ setup_acls(struct archive_read_disk *a,
#endif

if (acl != NULL) {
translate_acl(a, entry, acl,
r = translate_acl(a, entry, acl,
ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
acl_free(acl);
acl = NULL;
if (r != ARCHIVE_OK) {
archive_set_error(&a->archive, errno,
"Couldn't translate access ACLs: %s", accpath);
return (r);
}
}

/* Only directories can have default ACLs. */
if (S_ISDIR(archive_entry_mode(entry))) {
acl = acl_get_file(accpath, ACL_TYPE_DEFAULT);
if (acl != NULL) {
translate_acl(a, entry, acl,
r = translate_acl(a, entry, acl,
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT);
acl_free(acl);
if (r != ARCHIVE_OK) {
archive_set_error(&a->archive, errno,
"Couldn't translate default ACLs: %s",
accpath);
return (r);
}
}
}
return (ARCHIVE_OK);
Expand Down Expand Up @@ -574,51 +587,67 @@ translate_acl(struct archive_read_disk *a,
#ifdef ACL_TYPE_NFS4
acl_entry_type_t acl_type;
acl_flagset_t acl_flagset;
int brand, r;
int brand;
#endif
acl_entry_t acl_entry;
acl_permset_t acl_permset;
int i, entry_acl_type;
int s, ae_id, ae_tag, ae_perm;
int r, s, ae_id, ae_tag, ae_perm;
const char *ae_name;

#ifdef ACL_TYPE_NFS4
// FreeBSD "brands" ACLs as POSIX.1e or NFSv4
// Make sure the "brand" on this ACL is consistent
// with the default_entry_acl_type bits provided.
acl_get_brand_np(acl, &brand);
if (acl_get_brand_np(acl, &brand) != 0) {
archive_set_error(&a->archive, errno,
"Failed to read ACL brand");
return (ARCHIVE_WARN);
}
switch (brand) {
case ACL_BRAND_POSIX:
switch (default_entry_acl_type) {
case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
break;
default:
// XXX set warning message?
return ARCHIVE_FAILED;
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
"Invalid ACL entry type for POSIX.1e ACL");
return (ARCHIVE_WARN);
}
break;
case ACL_BRAND_NFS4:
if (default_entry_acl_type & ~ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
// XXX set warning message?
return ARCHIVE_FAILED;
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
"Invalid ACL entry type for NFSv4 ACL");
return (ARCHIVE_WARN);
}
break;
default:
// XXX set warning message?
return ARCHIVE_FAILED;
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
"Unknown ACL brand");
return (ARCHIVE_WARN);
break;
}
#endif


s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
if (s == -1) {
archive_set_error(&a->archive, errno,
"Failed to get first ACL entry");
return (ARCHIVE_WARN);
}
while (s == 1) {
ae_id = -1;
ae_name = NULL;
ae_perm = 0;

acl_get_tag_type(acl_entry, &acl_tag);
if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
archive_set_error(&a->archive, errno,
"Failed to get ACL tag type");
return (ARCHIVE_WARN);
}
switch (acl_tag) {
case ACL_USER:
ae_id = (int)*(uid_t *)acl_get_qualifier(acl_entry);
Expand Down Expand Up @@ -653,13 +682,18 @@ translate_acl(struct archive_read_disk *a,
continue;
}

// XXX acl type maps to allow/deny/audit/YYYY bits
// XXX acl_get_entry_type_np on FreeBSD returns EINVAL for
// non-NFSv4 ACLs
// XXX acl_type maps to allow/deny/audit/YYYY bits
entry_acl_type = default_entry_acl_type;
#ifdef ACL_TYPE_NFS4
r = acl_get_entry_type_np(acl_entry, &acl_type);
if (r == 0) {
if (default_entry_acl_type & ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
/*
* acl_get_entry_type_np() falis with non-NFSv4 ACLs
*/
if (acl_get_entry_type_np(acl_entry, &acl_type) != 0) {
archive_set_error(&a->archive, errno, "Failed "
"to get ACL type from a NFSv4 ACL entry");
return (ARCHIVE_WARN);
}
switch (acl_type) {
case ACL_ENTRY_TYPE_ALLOW:
entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
Expand All @@ -673,32 +707,53 @@ translate_acl(struct archive_read_disk *a,
case ACL_ENTRY_TYPE_ALARM:
entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALARM;
break;
default:
archive_set_error(&a->archive, errno,
"Invalid NFSv4 ACL entry type");
return (ARCHIVE_WARN);
}
}

/*
* Libarchive stores "flag" (NFSv4 inheritance bits)
* in the ae_perm bitmap.
*/
// XXX acl_get_flagset_np on FreeBSD returns EINVAL for
// non-NFSv4 ACLs
r = acl_get_flagset_np(acl_entry, &acl_flagset);
if (r == 0) {
/*
* Libarchive stores "flag" (NFSv4 inheritance bits)
* in the ae_perm bitmap.
*
* acl_get_flagset_np() fails with non-NFSv4 ACLs
*/
if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
archive_set_error(&a->archive, errno,
"Failed to get flagset from a NFSv4 ACL entry");
return (ARCHIVE_WARN);
}
for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
if (acl_get_flag_np(acl_flagset,
acl_inherit_map[i].platform_inherit))
r = acl_get_flag_np(acl_flagset,
acl_inherit_map[i].platform_inherit);
if (r == -1) {
archive_set_error(&a->archive, errno,
"Failed to check flag in a NFSv4 "
"ACL flagset");
return (ARCHIVE_WARN);
} else if (r)
ae_perm |= acl_inherit_map[i].archive_inherit;
}
}
#endif

acl_get_permset(acl_entry, &acl_permset);
if (acl_get_permset(acl_entry, &acl_permset) != 0) {
archive_set_error(&a->archive, errno,
"Failed to get ACL permission set");
return (ARCHIVE_WARN);
}
for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
/*
* acl_get_perm() is spelled differently on different
* platforms; see above.
*/
if (ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm))
r = ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm);
if (r == -1) {
archive_set_error(&a->archive, errno,
"Failed to check permission in an ACL permission set");
return (ARCHIVE_WARN);
} else if (r)
ae_perm |= acl_perm_map[i].archive_perm;
}

Expand All @@ -707,6 +762,11 @@ translate_acl(struct archive_read_disk *a,
ae_id, ae_name);

s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
if (s == -1) {
archive_set_error(&a->archive, errno,
"Failed to get next ACL entry");
return (ARCHIVE_WARN);
}
}
return (ARCHIVE_OK);
}
Expand Down
28 changes: 14 additions & 14 deletions contrib/libarchive/libarchive/archive_read_disk_posix.c
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ struct filesystem {
int synthetic;
int remote;
int noatime;
#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
size_t name_max;
#endif
long incr_xfer_size;
Expand Down Expand Up @@ -200,7 +200,7 @@ struct tree {
DIR *d;
#define INVALID_DIR_HANDLE NULL
struct dirent *de;
#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
struct dirent *dirent;
size_t dirent_allocated;
#endif
Expand Down Expand Up @@ -1592,7 +1592,7 @@ setup_current_filesystem(struct archive_read_disk *a)
#endif
t->current_filesystem->noatime = 0;

#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
/* Set maximum filename length. */
#if defined(HAVE_STRUCT_STATFS_F_NAMEMAX)
t->current_filesystem->name_max = sfs.f_namemax;
Expand All @@ -1615,7 +1615,7 @@ setup_current_filesystem(struct archive_read_disk *a)
else
t->current_filesystem->name_max = nm;
#endif
#endif /* HAVE_READDIR_R */
#endif /* USE_READDIR_R */
return (ARCHIVE_OK);
}

Expand Down Expand Up @@ -1817,7 +1817,7 @@ setup_current_filesystem(struct archive_read_disk *a)
#endif
t->current_filesystem->noatime = 0;

#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
/* Set maximum filename length. */
t->current_filesystem->name_max = sfs.f_namelen;
#endif
Expand Down Expand Up @@ -1901,7 +1901,7 @@ setup_current_filesystem(struct archive_read_disk *a)
#endif
t->current_filesystem->noatime = 0;

#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
/* Set maximum filename length. */
t->current_filesystem->name_max = sfs.f_namemax;
#endif
Expand All @@ -1918,7 +1918,7 @@ static int
setup_current_filesystem(struct archive_read_disk *a)
{
struct tree *t = a->tree;
#if defined(_PC_NAME_MAX) && defined(HAVE_READDIR_R)
#if defined(_PC_NAME_MAX) && defined(USE_READDIR_R)
long nm;
#endif
t->current_filesystem->synthetic = -1;/* Not supported */
Expand All @@ -1930,7 +1930,7 @@ setup_current_filesystem(struct archive_read_disk *a)
t->current_filesystem->min_xfer_size = -1;
t->current_filesystem->incr_xfer_size = -1;

#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
/* Set maximum filename length. */
# if defined(_PC_NAME_MAX)
if (tree_current_is_symblic_link_target(t)) {
Expand Down Expand Up @@ -1958,7 +1958,7 @@ setup_current_filesystem(struct archive_read_disk *a)
else
t->current_filesystem->name_max = nm;
# endif /* _PC_NAME_MAX */
#endif /* HAVE_READDIR_R */
#endif /* USE_READDIR_R */
return (ARCHIVE_OK);
}

Expand Down Expand Up @@ -2366,7 +2366,7 @@ tree_dir_next_posix(struct tree *t)
size_t namelen;

if (t->d == NULL) {
#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
size_t dirent_size;
#endif

Expand All @@ -2387,7 +2387,7 @@ tree_dir_next_posix(struct tree *t)
t->visit_type = r != 0 ? r : TREE_ERROR_DIR;
return (t->visit_type);
}
#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
dirent_size = offsetof(struct dirent, d_name) +
t->filesystem_table[t->current->filesystem_id].name_max + 1;
if (t->dirent == NULL || t->dirent_allocated < dirent_size) {
Expand All @@ -2404,11 +2404,11 @@ tree_dir_next_posix(struct tree *t)
}
t->dirent_allocated = dirent_size;
}
#endif /* HAVE_READDIR_R */
#endif /* USE_READDIR_R */
}
for (;;) {
errno = 0;
#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
r = readdir_r(t->d, t->dirent, &t->de);
#ifdef _AIX
/* Note: According to the man page, return value 9 indicates
Expand Down Expand Up @@ -2660,7 +2660,7 @@ tree_free(struct tree *t)
if (t == NULL)
return;
archive_string_free(&t->path);
#if defined(HAVE_READDIR_R)
#if defined(USE_READDIR_R)
free(t->dirent);
#endif
free(t->sparse_list);
Expand Down
Loading

0 comments on commit dfb2179

Please sign in to comment.