rpms / libarchive

Clone
Source Code
GIT

Blame SOURCES/libarchive-3.1.2-CVE-2016-4300.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   libarchive-3.1.2-CVE-2016-4300.patch
Blob History Raw
995285 
From f084b0568ac2845f12a9a34e0636811d49d6a2a8 Mon Sep 17 00:00:00 2001
995285 
From: Tim Kientzle <kientzle@acm.org>
995285 
Date: Sun, 19 Jun 2016 14:14:09 -0700
995285 
Subject: [PATCH] Issue #718: Fix TALOS-CAN-152
995285
995285 
If a 7-Zip archive declares a rediculously large number of substreams,
995285 
it can overflow an internal counter, leading a subsequent memory
995285 
allocation to be too small for the substream data.
995285
995285 
Thanks to the Open Source and Threat Intelligence project at Cisco
995285 
for reporting this issue.
995285 
---
995285 
 libarchive/archive_read_support_format_7zip.c | 3 +++
995285 
 1 file changed, 3 insertions(+)
995285
995285 
diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
995285 
index e490c00..8ae8443 100644
995285 
--- a/libarchive/archive_read_support_format_7zip.c
995285 
+++ b/libarchive/archive_read_support_format_7zip.c
995285 
@@ -2054,6 +2054,9 @@ read_SubStreamsInfo(struct archive_read *a, struct _7z_substream_info *ss,
995285 
 				return (-1);
995285 
 			if (1000000 < f[i].numUnpackStreams)
995285 
 				return (-1);
995285 
+			if (unpack_streams > SIZE_MAX - 1000000) {
995285 
+				return (-1);
995285 
+			}
995285 
 			unpack_streams += (size_t)f[i].numUnpackStreams;
995285 
 		}
995285 
 		if ((p = header_bytes(a, 1)) == NULL)
995285 
--
995285 
2.7.4
995285

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation