Blame SOURCES/libxml2-2.9.1-CVE-2017-18258.patch
|
 |
8a784f |
From e2a9122b8dde53d320750451e9907a7dcb2ca8bb Mon Sep 17 00:00:00 2001
|
|
|
8a784f |
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
|
8a784f |
Date: Thu, 7 Sep 2017 18:36:01 +0200
|
|
|
8a784f |
Subject: [PATCH] Set memory limit for LZMA decompression
|
|
|
8a784f |
|
|
|
8a784f |
Otherwise malicious LZMA compressed files could consume large amounts
|
|
|
8a784f |
of memory when decompressed.
|
|
|
8a784f |
|
|
|
8a784f |
According to the xz man page, files compressed with `xz -9` currently
|
|
|
8a784f |
require 65 MB to decompress, so set the limit to 100 MB.
|
|
|
8a784f |
|
|
|
8a784f |
Should fix bug 786696.
|
|
|
8a784f |
---
|
|
|
8a784f |
xzlib.c | 2 +-
|
|
|
8a784f |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
8a784f |
|
|
|
8a784f |
diff --git a/xzlib.c b/xzlib.c
|
|
|
8a784f |
index 782957f6..f43632bd 100644
|
|
|
8a784f |
--- a/xzlib.c
|
|
|
8a784f |
+++ b/xzlib.c
|
|
|
8a784f |
@@ -408,7 +408,7 @@ xz_head(xz_statep state)
|
|
|
8a784f |
state->strm = init;
|
|
|
8a784f |
state->strm.avail_in = 0;
|
|
|
8a784f |
state->strm.next_in = NULL;
|
|
|
8a784f |
- if (lzma_auto_decoder(&state->strm, UINT64_MAX, 0) != LZMA_OK) {
|
|
|
8a784f |
+ if (lzma_auto_decoder(&state->strm, 100000000, 0) != LZMA_OK) {
|
|
|
8a784f |
xmlFree(state->out);
|
|
|
8a784f |
xmlFree(state->in);
|
|
|
8a784f |
state->size = 0;
|
|
|
8a784f |
--
|
|
|
8a784f |
2.22.0
|
|
|
8a784f |
|