Blame SOURCES/libarchive-3.1.2-CVE-2016-4809.patch
|
 |
995285 |
From fd7e0c02e272913a0a8b6d492c7260dfca0b1408 Mon Sep 17 00:00:00 2001
|
|
|
995285 |
From: Tim Kientzle <kientzle@acm.org>
|
|
|
995285 |
Date: Sat, 14 May 2016 12:37:37 -0700
|
|
|
995285 |
Subject: [PATCH] Reject cpio symlinks that exceed 1MB
|
|
|
995285 |
|
|
|
995285 |
---
|
|
|
995285 |
libarchive/archive_read_support_format_cpio.c | 5 +++++
|
|
|
995285 |
1 file changed, 5 insertions(+)
|
|
|
995285 |
|
|
|
995285 |
diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
|
|
|
995285 |
index c2ca85b..b09db0e 100644
|
|
|
995285 |
--- a/libarchive/archive_read_support_format_cpio.c
|
|
|
995285 |
+++ b/libarchive/archive_read_support_format_cpio.c
|
|
|
995285 |
@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(struct archive_read *a,
|
|
|
995285 |
|
|
|
995285 |
/* If this is a symlink, read the link contents. */
|
|
|
995285 |
if (archive_entry_filetype(entry) == AE_IFLNK) {
|
|
|
995285 |
+ if (cpio->entry_bytes_remaining > 1024 * 1024) {
|
|
|
995285 |
+ archive_set_error(&a->archive, ENOMEM,
|
|
|
995285 |
+ "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
|
|
|
995285 |
+ return (ARCHIVE_FATAL);
|
|
|
995285 |
+ }
|
|
|
995285 |
h = __archive_read_ahead(a,
|
|
|
995285 |
(size_t)cpio->entry_bytes_remaining, NULL);
|
|
|
995285 |
if (h == NULL)
|
|
|
995285 |
--
|
|
|
995285 |
2.7.4
|
|
|
995285 |
|