1318084 – cpio 2.11 fails to extract archive (upstream fix available, backport request)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1318084 - cpio 2.11 fails to extract archive (upstream fix available, backport request)

Summary: cpio 2.11 fails to extract archive (upstream fix available, backport request)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	cpio
Sub Component:
Version:	7.2
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Pavel Raiskup
QA Contact:	Vaclav Danek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-03-16 02:22 UTC by Jan Hilberath
Modified:	2018-04-10 10:07 UTC (History)
CC List:	4 users (show)
Fixed In Version:	cpio-2.11-27.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-04-10 10:07:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Patch file for upstream version 2.11 (1.32 KB, patch) 2016-03-16 02:24 UTC, Jan Hilberath	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0693	0	None	None	None	2018-04-10 10:07:49 UTC

Description Jan Hilberath 2016-03-16 02:22:20 UTC

Description of problem:

The cpio version delivered with RHEL 7 is not able to extract files from a certain archive (see below for details on how to get that archive).


Version-Release number of selected component (if applicable):

Name        : cpio
Arch        : x86_64
Version     : 2.11
Release     : 24.el7


Steps to Reproduce:

The archive in question is part of the Mac OS X 10.11.3 update and can be obtained as follows:

$ curl -s -L -r "187085540-191012220" "https://support.apple.com/downloads/DL1858/en_US/osxupd10.11.3.dmg" > osxupd10.11.3.dmg.chunk

$ file osxupd10.11.3.dmg.chunk 
osxupd10.11.3.dmg.chunk: XZ compressed data

$ unxz < osxupd10.11.3.dmg.chunk > osxupd10.11.3.dmg.chunk.unxz


Actual results:

Files cannot be listed or extracted.

$ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz
cpio: premature end of file


Expected results:

Files can be listed or extracted.

$ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz
cpio: warning: skipped 448149 bytes of junk
./System/Library/Extensions/AMDShared.bundle/Contents/_CodeSignature
...
[list of further files contained in the archive]
...
./System/Library/Extensions/AppleCameraInterface.kext/Contents/MacOS/AppleCameraInterface
cpio: premature end of file


Additional info:

It's a bug in cpio 2.11 that has been fixed in 2.12.

The commit that introduced the bug is:
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=27e0ae559068c65a54299b5540f8154deb641f7c

The commit that fixed the bug is:
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d116c4564c1796be9be2799619cf7785d07

It works when building the upstream 2.11 sources with this patch applied:
https://gist.github.com/yantarou/ecf0931d13203fb8bbde

Comment 2 Jan Hilberath 2016-03-16 02:24:56 UTC

Created attachment 1136807 [details]
Patch file for upstream version 2.11

Comment 3 Pavel Raiskup 2016-03-16 06:48:29 UTC

Thanks for the report, upstream discussion:
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00007.html

--
Thank you for taking the time to enter a bug report with us. We appreciate the
feedback and look to use reports such as this to guide our efforts at
improving our products. That being said, this bug tracking system is not a
mechanism for requesting support, and we are not able to  guarantee the
timeliness or suitability of a resolution.

If this issue is critical or in any way time sensitive, please raise a ticket
through your regular Red Hat support channels to make certain  it receives the
proper attention and prioritization to assure a timely resolution.

For information on how to contact the Red Hat production support team, please
visit https://www.redhat.com/support/process/production/#howto

Comment 4 Pavel Raiskup 2016-10-24 12:46:04 UTC

(In reply to Jan Hilberath from comment #0)
> $ unxz < osxupd10.11.3.dmg.chunk > osxupd10.11.3.dmg.chunk.unxz
> ...

BTW: This command says this on my RHEL7 box ...

    unxz: (stdin): Unexpected end of input

> $ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz
> cpio: premature end of file

... which might be the reason for cpio failure.

Comment 5 Ward 2016-10-24 12:58:43 UTC

Pavel, that's unrelated. Just copying cpio from Debian (which has the fix) makes it work fine.

Comment 6 Pavel Raiskup 2016-10-24 13:30:30 UTC

Thanks for quick update, Ward.  It is however (without any other context)
really suspicious archive (there's unclear what archive is behind: binary?,
ustar?, odc?, newc? .., and what partitioning (chunks) is used).

Unless we find this is really important issue, I'd like to close this bug
and possibly find a reproducer for RHEL.  So better reproducer is welcome.

To be honest, this bug has now really low priority (and unlikely to be
fixed), because there is no support ticket assigned to this bug (see the
comment #3).  I (engineering guy) am not allowed to fix this issue and if
nothing changes, I won't be.

Comment 7 Ward 2016-10-24 13:41:24 UTC

Hi Pavel,

This archive is the firmware needed to use the facetimehd webcam on recent Macbooks. There is an out-of-tree kernel module for it:
https://github.com/patjak/bcwc_pcie

And it needs the Apple firmware to work:
https://github.com/patjak/bcwc_pcie/wiki/Get-Started#firmware-extraction

But this is all unrelated. It's just a bug in cpio that is already fixed upstream. It would be nice if you could backport it but I understand that it is not exactly high priority.

Comment 8 Pavel Raiskup 2016-10-24 15:08:39 UTC

Ah, I see the issue now (and again) :) so to not forget before next
reiteration, I'll rather be more verbose.

The original issue fixed upstream [1] was that we wanted to "extract"
cpio archive with (some) broken member headers.  Fixed very soon after
CVE-2014-9112 fix.

In this bug, however, we so far talked about extracting arbitrarily cut
part of a _compressed_ cpio archive.  And that causes troubles for both
decompresser and then cpio.  That's not guaranteed in general.

> But this is all unrelated. It's just a bug in cpio that is already fixed
> upstream.

The fix you try to have is related to different cpio header damages, at least
I think because I haven't carefully analyzed your case.  You seem to be lucky
that cpio recovers in this case, and that's not a good reason to update cpio.

The main issue I see here is that there is potential NULL dereference
which leads to cpio segfaults (and that's why I'll keep this open).

> It would be nice if you could backport it but I understand that it is
> not exactly high priority.

Thanks for understanding, I'll keep this open, but unless we'll have
support requests it is unlikely to be fixed.

<the right fix for your case>
I would recommend downloading the whole archive (all chunks) and unxz it
as a solid piece of data (then you'll have valid cpio archive, too).

The other option is to play with curl's option '--range', but you'll just
have a valid compressed chunk.  So what you probably want is to download the
chunk and copy _only_ the valid part of archive out with /bin/dd (you need
to know offsets).  This is the only reliable way how to extract what you
want in general.
</the fix>

[1] http://www.mail-archive.com/bug-cpio@gnu.org/msg00509.html

Comment 16 errata-xmlrpc 2018-04-10 10:07:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0693

Note You need to log in before you can comment on or make changes to this bug.