mirror of
https://github.com/opnsense/src.git
synced 2026-06-04 14:26:03 -04:00
2ae238160f
Libarchive 3.7.7
Security fixes:
#2158 rpm: calculate huge header sizes correctly
#2160 util: fix out of boundary access in mktemp functions
#2168 uu: stop processing if lines are too long
#2174 lzop: prevent integer overflow
#2172 rar4: protect copy_from_lzss_window_to_unp() (CVE-2024-20696)
#2175 unzip: unify EOF handling
#2179 rar4: fix out of boundary access with large files
#2203 rar4: fix OOB access with unicode filenames
#2210 rar4: add boundary checks to rgb filter
#2248 rar4: fix OOB in delta filter
#2249 rar4: fix OOB in audio filter
#2256 fix multiple vulnerabilities identified by SAST
#2258 cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing
#2265 rar5: clear 'data ready' cache on window buffer reallocs
#2269 rar4: fix CVE-2024-26256 (CVE-2024-26256)
#2330 iso: be more cautious about parsing ISO-9660 timestamps
#2343 tar: clean up linkpath between entries
#2364 tar: don't crash on truncated tar archives
#2366 gzip: prevent a hang when processing a malformed gzip inside a gzip
#2377 tar: fix two leaks in tar header parsing
Important bugfixes:
#2096 rar5: report encrypted entries
#2150 xar: fix another infinite loop and expat error handling
#2173 shar: check strdup return value
#2161 lha: fix integer truncation on 32-bit systems
#2338 tar: fix memory leaks when processing symlinks or parsing pax headers
#2245 7zip: fix issue when skipping first file in 7zip archive that
is a multiple of 65536 bytes
#2252 7-zip: read/write symlink paths as UTF-8
#2259 rar5: don't try to read rediculously long names
#2290 ar: fix archive entries having no type
#2360 tar: fix truncation of entry pathnames in specific archives
CVE: CVE-2024-20696, CVE-2024-26256
(cherry picked from commit bd66c1b43e)
57 lines
1.4 KiB
C
57 lines
1.4 KiB
C
/*-
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*
|
|
* Copyright (c) 2003-2007 Tim Kientzle
|
|
* All rights reserved.
|
|
*/
|
|
#include "test.h"
|
|
|
|
/*
|
|
* Test that "--help", "-h", and "-W help" options all work and
|
|
* generate reasonable output.
|
|
*/
|
|
|
|
static int
|
|
in_first_line(const char *p, const char *substring)
|
|
{
|
|
size_t l = strlen(substring);
|
|
|
|
while (*p != '\0' && *p != '\n') {
|
|
if (memcmp(p, substring, l) == 0)
|
|
return (1);
|
|
++p;
|
|
}
|
|
return (0);
|
|
}
|
|
|
|
DEFINE_TEST(test_help)
|
|
{
|
|
int r;
|
|
char *p;
|
|
size_t plen;
|
|
|
|
/* Exercise --help option. */
|
|
r = systemf("%s --help >help.stdout 2>help.stderr", testprog);
|
|
assertEqualInt(r, 0);
|
|
failure("--help should generate nothing to stderr.");
|
|
assertEmptyFile("help.stderr");
|
|
/* Help message should start with name of program. */
|
|
p = slurpfile(&plen, "help.stdout");
|
|
failure("Help output should be long enough.");
|
|
assert(plen >= 6);
|
|
failure("First line of help output should contain 'bsdcat': %s", p);
|
|
assert(in_first_line(p, "bsdcat"));
|
|
/*
|
|
* TODO: Extend this check to further verify that --help output
|
|
* looks approximately right.
|
|
*/
|
|
free(p);
|
|
|
|
/* -h option should generate the same output. */
|
|
r = systemf("%s -h >h.stdout 2>h.stderr", testprog);
|
|
assertEqualInt(r, 0);
|
|
failure("-h should generate nothing to stderr.");
|
|
assertEmptyFile("h.stderr");
|
|
failure("stdout should be same for -h and --help");
|
|
assertEqualFile("h.stdout", "help.stdout");
|
|
}
|