libarchive: fix CVE-2017-5601
This commit is contained in:
Alessio Sergi
parent
fdf20b1fdd
commit
8e19c31a61
|
|
@ -0,0 +1,24 @@
|
||||||
|
From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Martin Matuska <martin@matuska.org>
|
||||||
|
Date: Thu, 19 Jan 2017 22:00:18 +0100
|
||||||
|
Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
|
||||||
|
Fixes a heap buffer overflow reported in Secunia SA74169
|
||||||
|
|
||||||
|
---
|
||||||
|
libarchive/archive_read_support_format_lha.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git libarchive/archive_read_support_format_lha.c.orig libarchive/archive_read_support_format_lha.c
|
||||||
|
index 52a5531..d77a7c2 100644
|
||||||
|
--- libarchive/archive_read_support_format_lha.c.orig
|
||||||
|
+++ libarchive/archive_read_support_format_lha.c
|
||||||
|
@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
|
||||||
|
/* Get a real compressed file size. */
|
||||||
|
lha->compsize -= extdsize - 2;
|
||||||
|
|
||||||
|
+ if (lha->compsize < 0)
|
||||||
|
+ goto invalid; /* Invalid compressed file size */
|
||||||
|
+
|
||||||
|
if (sum_calculated != headersum) {
|
||||||
|
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
|
||||||
|
"LHa header sum error");
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'libarchive'
|
# Template file for 'libarchive'
|
||||||
pkgname=libarchive
|
pkgname=libarchive
|
||||||
version=3.2.2
|
version=3.2.2
|
||||||
revision=1
|
revision=2
|
||||||
bootstrap=yes
|
bootstrap=yes
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="$(vopt_enable acl) $(vopt_enable acl xattr)
|
configure_args="$(vopt_enable acl) $(vopt_enable acl xattr)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue