[Pkg-libburnia-devel] Bug#610781: libarchive: Does not recognize d-i ISO images

Thomas Schmitt scdbackup at gmx.net
Mon Jan 24 14:54:55 UTC 2011


Hi,

newly uploaded is
   http://www.gnu.org/software/xorriso/xorriso-1.0.1.tar.gz

Steve, if you want to patch your copy of xorriso-0.6.7:
I only added the memset() call to the following function in
libisofs/ecma119.c :

static
int write_vol_desc_terminator(Ecma119Image *target)
{
    int res;
    uint8_t buf[BLOCK_SIZE];
    struct ecma119_vol_desc_terminator *vol;

    memset(buf, 0, BLOCK_SIZE);

    vol = (struct ecma119_vol_desc_terminator *) buf;

    vol->vol_desc_type[0] = 255;
    memcpy(vol->std_identifier, "CD001", 5);
    vol->vol_desc_version[0] = 1;

    res = iso_write(target, buf, BLOCK_SIZE);
    return res;
}


So the bug is due to uninitialized local memory. The illegal content
in the reserved field stems from the Joliet Volume Descriptor which
was written immediately before the Volume Set Terminator.
I will now examine how much risk there is for other data
to have sneaked in. If a substantial privacy problem seems likely,
then i will have to make an emergency release.

(Will also reply to Bug#610783. Bear with me. I am not very experienced
 with Debian community ways.)


Have a nice day :)

Thomas






More information about the Pkg-libburnia-devel mailing list