Message ID | 20211205144553.3554426-1-aurelien@aurel32.net |
---|---|
State | New |
Headers | show |
Series | localedef: check magic value on archive load [BZ #28650] | expand |
On 05/12/2021 11:45, Aurelien Jarno wrote: > localedef currently blindly trust the archive header. When passed an > archive file with the wrong endianess, this leads to a segmentation > fault: > > $ localedef --big-endian --list-archive /usr/lib/locale/locale-archive > Segmentation fault (core dumped) > > When passed non-archive files, asserts are reported on the best case, > but sometimes it can lead to a segmentation fault: > > $ localedef --list-archive /bin/true > localedef: programs/locarchive.c:1643: show_archive_content: Assertion `used < GET (head->namehash_used)' failed. > Aborted (core dumped) > > $ localedef --list-archive /usr/lib/locale/C.utf8/LC_COLLATE > Segmentation fault (core dumped) > > This patch improves the user experience by looking at the magic value, > which is always written, but never checked. It should still be possible > to trigger a segmentation fault with crafted files, but this already > catch many cases. LGTM, thanks. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> > --- > locale/programs/locarchive.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c > index eeec3ab648..477499bd40 100644 > --- a/locale/programs/locarchive.c > +++ b/locale/programs/locarchive.c > @@ -654,6 +654,13 @@ open_archive (struct locarhandle *ah, bool readonly) > error (EXIT_FAILURE, errno, _("cannot read archive header")); > } > > + /* Check the magic value */ > + if (GET (head.magic) != AR_MAGIC) > + { > + (void) lockf64 (fd, F_ULOCK, sizeof (struct locarhead)); > + error (EXIT_FAILURE, 0, _("bad magic value in archive header")); > + } > + > ah->fd = fd; > ah->mmaped = st.st_size; > >
diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c index eeec3ab648..477499bd40 100644 --- a/locale/programs/locarchive.c +++ b/locale/programs/locarchive.c @@ -654,6 +654,13 @@ open_archive (struct locarhandle *ah, bool readonly) error (EXIT_FAILURE, errno, _("cannot read archive header")); } + /* Check the magic value */ + if (GET (head.magic) != AR_MAGIC) + { + (void) lockf64 (fd, F_ULOCK, sizeof (struct locarhead)); + error (EXIT_FAILURE, 0, _("bad magic value in archive header")); + } + ah->fd = fd; ah->mmaped = st.st_size;