snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity
void-packages/srcpkgs/lrzip/patches/CVE-2017-8845.patch

27 lines
941 B
Diff
Raw Normal View History

lrzip: apply applicable security patches from upstream Upstream has a few more CVEs but didn't make a new release yet. In the meantime we patch what we can Fixes: - CVE-2017-8842 - CVE-2017-8844 - CVE-2017-8845 - CVE-2018-5650 The CVEs left remaining to be fixed by upstream are ( Removed CVE- prefix as to not confuse tools that grep for those values) CVE: 2017-8843 SEVERITY: 4.3 CVE: 2017-8846 SEVERITY: 4.3 CVE: 2017-8847 SEVERITY: 4.3 CVE: 2017-9928 SEVERITY: 4.3 CVE: 2017-9929 SEVERITY: 4.3 CVE: 2018-11496 SEVERITY: 4.3 CVE: 2018-5747 SEVERITY: 4.3
2018-10-02 14:44:49 +02:00
From 4893e869e3fc36c65123ce8fedafeb82cba745a4 Mon Sep 17 00:00:00 2001
From: Con Kolivas <kernel@kolivas.org>
Date: Wed, 16 May 2018 16:55:41 +1000
Subject: [PATCH] Add sanity check for invalid values during decompression,
addressing CVE-2017-8845.
---
stream.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/stream.c b/stream.c
index af4a4aa..79890ba 100644
--- a/stream.c
+++ b/stream.c
@@ -1632,6 +1632,10 @@ static int fill_buffer(rzip_control *control, struct stream_info *sinfo, int str
c_len = le64toh(c_len);
u_len = le64toh(u_len);
last_head = le64toh(last_head);
+ if (unlikely(c_len < 1 || u_len < 1 || last_head < 0)) {
+ fatal_return(("Invalid data compressed len %lld uncompressed %lld last_head %lld\n",
+ c_len, u_len, last_head), -1);
+ }
print_maxverbose("Fill_buffer stream %d c_len %lld u_len %lld last_head %lld\n", streamno, c_len, u_len, last_head);
padded_len = MAX(c_len, MIN_SIZE);