Bug 1318084 - cpio 2.11 fails to extract archive (upstream fix available, backport request)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cpio
Version: 7.2
Hardware: x86_64
OS: Linux
Target Milestone: rc
Assignee: Pavel Raiskup
QA Contact: Vaclav Danek
Reported: 2016-03-16 02:22 UTC by Jan Hilberath
Modified: 2018-04-10 10:07 UTC (History)

Fixed In Version: cpio-2.11-27.el7
Last Closed: 2018-04-10 10:07:29 UTC


Attachments
Patch file for upstream version 2.11 (1.32 KB, patch), 2016-03-16 02:24 UTC, Jan Hilberath


Links
Red Hat Product Errata RHBA-2018:0693 (last updated 2018-04-10 10:07:49 UTC)

Description Jan Hilberath 2016-03-16 02:22:20 UTC
Description of problem:

The cpio version delivered with RHEL 7 is not able to extract files from a certain archive (see below for details on how to get that archive).


Version-Release number of selected component (if applicable):

Name        : cpio
Arch        : x86_64
Version     : 2.11
Release     : 24.el7


Steps to Reproduce:

The archive in question is part of the Mac OS X 10.11.3 update and can be obtained as follows:

$ curl -s -L -r "187085540-191012220" "https://support.apple.com/downloads/DL1858/en_US/osxupd10.11.3.dmg" > osxupd10.11.3.dmg.chunk

$ file osxupd10.11.3.dmg.chunk 
osxupd10.11.3.dmg.chunk: XZ compressed data

$ unxz < osxupd10.11.3.dmg.chunk > osxupd10.11.3.dmg.chunk.unxz


Actual results:

Files cannot be listed or extracted.

$ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz
cpio: premature end of file


Expected results:

Files can be listed or extracted.

$ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz
cpio: warning: skipped 448149 bytes of junk
./System/Library/Extensions/AMDShared.bundle/Contents/_CodeSignature
...
[list of further files contained in the archive]
...
./System/Library/Extensions/AppleCameraInterface.kext/Contents/MacOS/AppleCameraInterface
cpio: premature end of file


Additional info:

It's a bug in cpio 2.11 that has been fixed in 2.12.

The commit that introduced the bug is:
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=27e0ae559068c65a54299b5540f8154deb641f7c

The commit that fixed the bug is:
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d116c4564c1796be9be2799619cf7785d07

It works when building the upstream 2.11 sources with this patch applied:
https://gist.github.com/yantarou/ecf0931d13203fb8bbde

Comment 2 Jan Hilberath 2016-03-16 02:24:56 UTC
Created attachment 1136807
Patch file for upstream version 2.11

Comment 3 Pavel Raiskup 2016-03-16 06:48:29 UTC
Thanks for the report, upstream discussion:
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00007.html

--
Thank you for taking the time to enter a bug report with us. We appreciate the
feedback and look to use reports such as this to guide our efforts at
improving our products. That being said, this bug tracking system is not a
mechanism for requesting support, and we are not able to guarantee the
timeliness or suitability of a resolution.

If this issue is critical or in any way time sensitive, please raise a ticket
through your regular Red Hat support channels to make certain it receives the
proper attention and prioritization to assure a timely resolution.

For information on how to contact the Red Hat production support team, please
visit https://www.redhat.com/support/process/production/#howto

Comment 4 Pavel Raiskup 2016-10-24 12:46:04 UTC
(In reply to Jan Hilberath from comment #0)
> $ unxz < osxupd10.11.3.dmg.chunk > osxupd10.11.3.dmg.chunk.unxz
> ...

BTW: This command says this on my RHEL7 box ...

    unxz: (stdin): Unexpected end of input

> $ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz
> cpio: premature end of file

... which might be the reason for cpio failure.

Comment 5 Ward 2016-10-24 12:58:43 UTC
Pavel, that's unrelated. Just copying cpio from Debian (which has the fix) makes it work fine.

Comment 6 Pavel Raiskup 2016-10-24 13:30:30 UTC
Thanks for the quick update, Ward.  It is, however (without any other context),
a really suspicious archive (it's unclear what archive is behind it: binary?,
ustar?, odc?, newc? ..., and what partitioning (chunks) is used).

Unless we find this is a really important issue, I'd like to close this bug
and possibly find a reproducer for RHEL.  So a better reproducer is welcome.

To be honest, this bug now has really low priority (and is unlikely to be
fixed), because there is no support ticket assigned to this bug (see
comment #3).  I (engineering guy) am not allowed to fix this issue and if
nothing changes, I won't be.

Comment 7 Ward 2016-10-24 13:41:24 UTC
Hi Pavel,

This archive is the firmware needed to use the facetimehd webcam on recent Macbooks. There is an out-of-tree kernel module for it:
https://github.com/patjak/bcwc_pcie

And it needs the Apple firmware to work:
https://github.com/patjak/bcwc_pcie/wiki/Get-Started#firmware-extraction

But this is all unrelated. It's just a bug in cpio that is already fixed upstream. It would be nice if you could backport it but I understand that it is not exactly high priority.

Comment 8 Pavel Raiskup 2016-10-24 15:08:39 UTC
Ah, I see the issue now (and again) :) so as not to forget before the next
reiteration, I'd rather be more verbose.

The original issue fixed upstream [1] was that we wanted to "extract"
a cpio archive with (some) broken member headers.  Fixed very soon after
the CVE-2014-9112 fix.

In this bug, however, we have so far talked about extracting an arbitrarily
cut part of a _compressed_ cpio archive.  And that causes trouble for both
the decompressor and then cpio.  That's not guaranteed in general.

> But this is all unrelated. It's just a bug in cpio that is already fixed
> upstream.

The fix you are trying to get is related to different cpio header damage, at
least I think so, because I haven't carefully analyzed your case.  You seem to
be lucky that cpio recovers in this case, and that's not a good reason to
update cpio.

The main issue I see here is that there is a potential NULL dereference
which leads to cpio segfaults (and that's why I'll keep this open).

> It would be nice if you could backport it but I understand that it is
> not exactly high priority.

Thanks for understanding, I'll keep this open, but unless we have
support requests it is unlikely to be fixed.

<the right fix for your case>
I would recommend downloading the whole archive (all chunks) and unxz it
as a solid piece of data (then you'll have a valid cpio archive, too).

The other option is to play with curl's option '--range', but you'll just
have a valid compressed chunk.  So what you probably want is to download the
chunk and copy _only_ the valid part of the archive out with /bin/dd (you need
to know offsets).  This is the only reliable way to extract what you
want in general.
</the fix>

[1] http://www.mail-archive.com/bug-cpio@gnu.org/msg00509.html
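
Added example, not part of the original thread and not cpio's own code: a small scanner for the odc (POSIX portable ASCII, magic "070707") layout that finds the byte offset of the first valid member header in a chunk cut from the middle of an archive, then walks members until the data runs out. It mirrors the "skipped N bytes of junk" / "premature end of file" output shown in the description and yields the offset that comment 8 says is needed for dd. The function names and the sample bytes are constructed for illustration.

```python
# Added example: scan a cut-out chunk for odc cpio members. All sample bytes are constructed.
ODC_MAGIC = b"070707"
HEADER_LEN = 76  # magic(6) + 7 fields of 6 + mtime(11) + namesize(6) + filesize(11)
OCTAL = set(b"01234567")


def parse_header(buf, off):
    """Return (name, data_offset, filesize), or None if no valid header at off."""
    hdr = buf[off:off + HEADER_LEN]
    if len(hdr) < HEADER_LEN or not hdr.startswith(ODC_MAGIC) or not set(hdr) <= OCTAL:
        return None  # short read, wrong magic, or a non-octal byte in a header field
    namesize, filesize = int(hdr[59:65], 8), int(hdr[65:76], 8)
    name = buf[off + HEADER_LEN:off + HEADER_LEN + namesize]
    if len(name) < namesize or not name.endswith(b"\0"):
        return None
    return name[:-1].decode("utf-8", "replace"), off + HEADER_LEN + namesize, filesize


def scan(buf):
    """Return (junk_bytes_before_first_header, member_names, status)."""
    start = buf.find(ODC_MAGIC)
    while start != -1 and parse_header(buf, start) is None:
        start = buf.find(ODC_MAGIC, start + 1)  # magic seen, header invalid: keep looking
    if start == -1:
        return len(buf), [], "no header found"
    names, off = [], start
    while True:
        parsed = parse_header(buf, off)
        if parsed is None:
            return start, names, "premature end of file"
        name, data_off, size = parsed
        if name == "TRAILER!!!":
            return start, names, "complete"
        names.append(name)
        if data_off + size > len(buf):  # member data runs past the end of the chunk
            return start, names, "premature end of file"
        off = data_off + size


def odc_member(name, data=b""):
    """Build one odc member; used only for the constructed sample below."""
    raw = name.encode() + b"\0"
    hdr = ODC_MAGIC + b"%06o" * 7 % (0, 1, 0o100644, 0, 0, 1, 0)
    return hdr + b"%011o%06o%011o" % (0, len(raw), len(data)) + raw + data


# Constructed chunk: junk containing a false magic, one whole member, one cut-off member.
JUNK = b"\x00\x01\x02\x03\x04\x05" + b"070707 is not a header here" + b"\x00" * 40
SAMPLE = JUNK + odc_member("./a.bin", b"A" * 10) + odc_member("./b.bin", b"B" * 100)[:-30]
```

The first value returned by `scan()` is the number of leading junk bytes, i.e. the offset of the first valid header, which is the skip count to give dd (with a block size of 1) when copying out only the valid part.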

Comment 16 errata-xmlrpc 2018-04-10 10:07:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0693

