snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity
void-packages/srcpkgs/lrzip/patches/CVE-2017-8845.patch

27 lines
941 B
Diff
Raw Blame History

From 4893e869e3fc36c65123ce8fedafeb82cba745a4 Mon Sep 17 00:00:00 2001
From: Con Kolivas <kernel@kolivas.org>
Date: Wed, 16 May 2018 16:55:41 +1000
Subject: [PATCH] Add sanity check for invalid values during decompression,
addressing CVE-2017-8845.
---
stream.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/stream.c b/stream.c
index af4a4aa..79890ba 100644
--- a/stream.c
+++ b/stream.c
@@ -1632,6 +1632,10 @@ static int fill_buffer(rzip_control *control, struct stream_info *sinfo, int str
c_len = le64toh(c_len);
u_len = le64toh(u_len);
last_head = le64toh(last_head);
+ if (unlikely(c_len < 1 || u_len < 1 || last_head < 0)) {
+ fatal_return(("Invalid data compressed len %lld uncompressed %lld last_head %lld\n",
+ c_len, u_len, last_head), -1);
+ }
print_maxverbose("Fill_buffer stream %d c_len %lld u_len %lld last_head %lld\n", streamno, c_len, u_len, last_head);
padded_len = MAX(c_len, MIN_SIZE);
Reference in New Issue View Git Blame Copy Permalink