File CVE-2016-4809.patch of Package libarchive.2786

commit fd7e0c02e272913a0a8b6d492c7260dfca0b1408
Author: Tim Kientzle <kientzle@acm.org>
Date:   Sat May 14 12:37:37 2016 -0700

    Reject cpio symlinks that exceed 1MB

Index: libarchive-3.1.2/libarchive/archive_read_support_format_cpio.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_read_support_format_cpio.c
+++ libarchive-3.1.2/libarchive/archive_read_support_format_cpio.c
@@ -399,6 +399,11 @@ archive_read_format_cpio_read_header(str
 
 	/* If this is a symlink, read the link contents. */
 	if (archive_entry_filetype(entry) == AE_IFLNK) {
+		if (cpio->entry_bytes_remaining > 1024 * 1024) {
+			archive_set_error(&a->archive, ENOMEM,
+			    "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
+			return (ARCHIVE_FATAL);
+		}
 		h = __archive_read_ahead(a,
 			(size_t)cpio->entry_bytes_remaining, NULL);
 		if (h == NULL)
openSUSE Build Service is sponsored by