Hi release managers! I have uploaded unrar-nonfree 3.7.3 to unstable, fixing CVE-2007-0855. Testing version is 3.5.4 and it's also vulnerable. Changes from 3.5.4 to 3.7.3 are big: 71 files changed, 1307 insertions and 476 deletions (so probably you won't allow version 3.7.3 to propagate to testing). Martin have backported the fix for this issue to 3.5.4: 2 files changed, 19 insertions and 17 deletions. The patch is attached for review. If everything is correct, do you allow the upload of a fixed 3.5.4 to testing-proposed-updates, please? Thank you! Best regards, Nelson
--- unrar-nonfree-3.5.4/consio.cpp 2005-10-04 08:57:54.000000000 +0100
+++ unrar-nonfree-3.7.3/consio.cpp 2007-02-02 06:13:40.000000000 +0000
@@ -4,7 +4,9 @@
#include "log.cpp"
#endif
+#if !defined(GUI) && !defined(SILENT)
static void RawPrint(char *Msg,MESSAGE_TYPE MessageType);
+#endif
static MESSAGE_TYPE MsgStream=MSG_STDOUT;
static bool Sound=false;
@@ -119,11 +121,12 @@
OemToChar(Str,Str);
SetConsoleMode(hConIn,ConInMode);
SetConsoleMode(hConOut,ConOutMode);
-#elif defined(_EMX) || defined(_BEOS)
+#elif defined(_EMX) || defined(_BEOS) || defined(__sparc) || defined(sparc) || defined (__VMS)
fgets(Str,MaxLength-1,stdin);
#else
- strncpy(Str,getpass(""),MaxLength-1);
+ strncpyz(Str,getpass(""),MaxLength);
#endif
+ Str[MaxLength-1]=0;
RemoveLF(Str);
}
#endif
@@ -157,7 +160,7 @@
Alarm();
while (true)
{
- char PromptStr[256];
+ char PromptStr[NM+256];
#if defined(_EMX) || defined(_BEOS)
strcpy(PromptStr,St(MAskPswEcho));
#else
@@ -166,7 +169,9 @@
if (Type!=PASSWORD_GLOBAL)
{
strcat(PromptStr,St(MFor));
- strcat(PromptStr,PointToName(FileName));
+ char *NameOnly=PointToName(FileName);
+ if (strlen(PromptStr)+strlen(NameOnly)<ASIZE(PromptStr))
+ strcat(PromptStr,NameOnly);
}
eprintf("\n%s: ",PromptStr);
GetPasswordText(Password,MaxLength);
@@ -174,19 +179,12 @@
return(false);
if (Type==PASSWORD_GLOBAL)
{
- strcpy(PromptStr,St(MReAskPsw));
- eprintf(PromptStr);
- char CmpStr[256];
- GetPasswordText(CmpStr,sizeof(CmpStr));
+ eprintf(St(MReAskPsw));
+ char CmpStr[MAXPASSWORD];
+ GetPasswordText(CmpStr,ASIZE(CmpStr));
if (*CmpStr==0 || strcmp(Password,CmpStr)!=0)
{
- strcpy(PromptStr,St(MNotMatchPsw));
-/*
-#ifdef _WIN_32
- CharToOem(PromptStr,PromptStr);
-#endif
-*/
- eprintf(PromptStr);
+ eprintf(St(MNotMatchPsw));
memset(Password,0,MaxLength);
memset(CmpStr,0,sizeof(CmpStr));
continue;
@@ -210,7 +208,7 @@
for (const char *NextItem=AskStr;NextItem!=NULL;NextItem=strchr(NextItem+1,'_'))
{
char *CurItem=Item[NumItems];
- strncpy(CurItem,NextItem+1,sizeof(Item[0]));
+ strncpyz(CurItem,NextItem+1,ASIZE(Item[0]));
char *EndItem=strchr(CurItem,'_');
if (EndItem!=NULL)
*EndItem=0;
--- unrar-nonfree-3.5.4/consio.hpp 2005-10-04 08:57:54.000000000 +0100
+++ unrar-nonfree-3.7.3/consio.hpp 2007-02-02 06:13:42.000000000 +0000
@@ -25,7 +25,11 @@
#define mprintf(args...)
#define eprintf(args...)
#else
- inline void mprintf(const char *fmt,const char *a=NULL,const char *b=NULL) {}
+ #ifdef _MSC_VER
+ inline void mprintf(const char *fmt,...) {}
+ #else
+ inline void mprintf(const char *fmt,const char *a=NULL,const char *b=NULL) {}
+ #endif
inline void eprintf(const char *fmt,const char *a=NULL,const char *b=NULL) {}
inline void mprintf(const char *fmt,int b) {}
inline void eprintf(const char *fmt,int b) {}
Attachment:
signature.asc
Description: Digital signature