Fix CVE-2016-2037 (out of bounds write in process_copy_in()). Copied from upstream mailing list: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html --- Other calls to cpio_safer_name_suffix seem to be safe. . * src/copyin.c (process_copy_in): Make sure that file_hdr.c_name has at least two bytes allocated. * src/util.c (cpio_safer_name_suffix): Document that use of this function requires to be careful. Author: Pavel Raiskup --- src/copyin.c | 2 ++ src/util.c | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) Index: cpio-2.11+dfsg/src/copyin.c =================================================================== --- cpio-2.11+dfsg.orig/src/copyin.c +++ cpio-2.11+dfsg/src/copyin.c @@ -1433,6 +1433,8 @@ process_copy_in () break; } + if (file_hdr.c_namesize <= 1) + file_hdr.c_name = xrealloc(file_hdr.c_name, 2); cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, false); Index: cpio-2.11+dfsg/src/util.c =================================================================== --- cpio-2.11+dfsg.orig/src/util.c +++ cpio-2.11+dfsg/src/util.c @@ -1374,7 +1374,10 @@ set_file_times (int fd, } /* Do we have to ignore absolute paths, and if so, does the filename - have an absolute path? */ + have an absolute path? + Before calling this function make sure that the allocated NAME buffer has + capacity at least 2 bytes to allow us to store the "." string inside. */ + void cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, bool strip_leading_dots) tests/guix-package-net.sh'>
path: root/tests/guix-package-net.sh
AgeCommit message (Expand)Author
2022-01-19package: Honor '--dry-run' when target profile is already in store....Fixes <https://issues.guix.gnu.org/53267>. Reported by Tirifto <tirifto@posteo.cz>. Regression introduced in 65ffb9388c1c3d870cb07e4cb3ef12c9ac06a161. In the (unlikely) case where the profile we're targeting with "guix upgrade -n" or similar is already built, a new profile generation would be created and linked to despite the use of '-n'. This is because 65ffb9388c1c3d870cb07e4cb3ef12c9ac06a161 assumed that dry-run behavior would be handled solely by the build handler, which is not the case when there's nothing to build. * guix/scripts/package.scm (build-and-use-profile): Reintroduce #:dry-run? and honor it. (process-actions): Pass #:dry-run? to 'build-and-use-profile'. * tests/guix-package-net.sh: Add test. Ludovic Courtès
2022-01-16tests: Clean up after 'tests/guix-package-net.sh'....* tests/guix-package-net.sh: Remove second 'trap' line. Change first 'trap' line to remove "$module_dir" and *.lock files. Ludovic Courtès
2020-09-28tests: Simplify shell exit status negation;...* tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh, tests/guix-daemon.sh, tests/guix-download.sh, tests/guix-environment.sh, tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh, tests/guix-hash.sh, tests/guix-lint.sh, tests/guix-pack-relocatable.sh, tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh, tests/guix-package.sh: Use the shell '!' keyword to negate command exit status in place of 'if ...; then false; else true; fi' Eric Bavier
2020-05-23guix package: Support multiple profiles with '--list-installed'....* guix/scripts/package.scm (process-query): List installed multiple profiles. * tests/guix-package-net.sh: Test it. Signed-off-by: Ludovic Courtès <ludo@gnu.org> zimoun