poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/CVE-2021-41072-requisite-2.patch

The commit is required by the fix for CVE-2021-41072.

Upstream-Status: Backport [https://github.com/plougher/squashfs-tools/commit/1993a4e]

Signed-off-by: Kai Kang <kai.kang@windriver.com>

From 1993a4e7aeda04962bf26e84c15fba8b58837e10 Mon Sep 17 00:00:00 2001
From: Phillip Lougher <phillip@squashfs.org.uk>
Date: Sun, 12 Sep 2021 20:09:13 +0100
Subject: [PATCH] unsquashfs: dynamically allocate name

Dynamically allocate name rather than store it
directly in structure.

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
---
 squashfs-tools/unsquash-1.c    | 2 +-
 squashfs-tools/unsquash-1234.c | 5 +++++
 squashfs-tools/unsquash-2.c    | 2 +-
 squashfs-tools/unsquash-3.c    | 2 +-
 squashfs-tools/unsquash-4.c    | 2 +-
 squashfs-tools/unsquashfs.h    | 2 +-
 6 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/squashfs-tools/unsquash-1.c b/squashfs-tools/unsquash-1.c
index 7598499..d0121c6 100644
--- a/squashfs-tools/unsquash-1.c
+++ b/squashfs-tools/unsquash-1.c
@@ -360,7 +360,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
 				dir->dirs = new_dir;
 			}
 
-			strcpy(dir->dirs[dir->dir_count].name, dire->name);
+			dir->dirs[dir->dir_count].name = strdup(dire->name);
 			dir->dirs[dir->dir_count].start_block =
 				dirh.start_block;
 			dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquash-1234.c b/squashfs-tools/unsquash-1234.c
index 0c8dfbb..ac46d9d 100644
--- a/squashfs-tools/unsquash-1234.c
+++ b/squashfs-tools/unsquash-1234.c
@@ -60,6 +60,11 @@ int check_name(char *name, int size)
 
 void squashfs_closedir(struct dir *dir)
 {
+	int i;
+
+	for(i = 0; i < dir->dir_count; i++)
+		free(dir->dirs[i].name);
+
 	free(dir->dirs);
 	free(dir);
 }
diff --git a/squashfs-tools/unsquash-2.c b/squashfs-tools/unsquash-2.c
index 86f62ba..e847980 100644
--- a/squashfs-tools/unsquash-2.c
+++ b/squashfs-tools/unsquash-2.c
@@ -452,7 +452,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
 				dir->dirs = new_dir;
 			}
 
-			strcpy(dir->dirs[dir->dir_count].name, dire->name);
+			dir->dirs[dir->dir_count].name = strdup(dire->name);
 			dir->dirs[dir->dir_count].start_block =
 				dirh.start_block;
 			dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquash-3.c b/squashfs-tools/unsquash-3.c
index c04aa9e..8223f27 100644
--- a/squashfs-tools/unsquash-3.c
+++ b/squashfs-tools/unsquash-3.c
@@ -486,7 +486,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
 				dir->dirs = new_dir;
 			}
 
-			strcpy(dir->dirs[dir->dir_count].name, dire->name);
+			dir->dirs[dir->dir_count].name = strdup(dire->name);
 			dir->dirs[dir->dir_count].start_block =
 				dirh.start_block;
 			dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
index ff62dcc..1e199a7 100644
--- a/squashfs-tools/unsquash-4.c
+++ b/squashfs-tools/unsquash-4.c
@@ -423,7 +423,7 @@ static struct dir *squashfs_opendir(unsigned int block_start, unsigned int offse
 				dir->dirs = new_dir;
 			}
 
-			strcpy(dir->dirs[dir->dir_count].name, dire->name);
+			dir->dirs[dir->dir_count].name = strdup(dire->name);
 			dir->dirs[dir->dir_count].start_block =
 				dirh.start_block;
 			dir->dirs[dir->dir_count].offset = dire->offset;
diff --git a/squashfs-tools/unsquashfs.h b/squashfs-tools/unsquashfs.h
index 5ecb2ab..583fbe4 100644
--- a/squashfs-tools/unsquashfs.h
+++ b/squashfs-tools/unsquashfs.h
@@ -164,7 +164,7 @@ struct queue {
 #define DIR_ENT_SIZE	16
 
 struct dir_ent	{
-	char		name[SQUASHFS_NAME_LEN + 1];
+	char		*name;
 	unsigned int	start_block;
 	unsigned int	offset;
 	unsigned int	type;
-- 
2.17.1