LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File libarchive-3.1.2-CVE-2015-8919.patch of Package libarchive (Project home:wrzof:gate:gate_git)

From e8a2e4d2e6b450a239bb8f9d74239fa434bf7d35 Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Sat, 7 Feb 2015 13:32:58 -0800
Subject: [PATCH] Issue 402: Failed to recognize empty dir name in lha/lzh file

When parsing a directory name, we checked for the name
length being zero, but not for the first byte being a
null byte.  Add a similar check for the file case.
---
 libarchive/archive_read_support_format_lha.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
index 572686a..f8e01af 100644
--- a/libarchive/archive_read_support_format_lha.c
+++ b/libarchive/archive_read_support_format_lha.c
@@ -1194,13 +1194,15 @@ lha_read_file_extended_header(struct archive_read *a, struct lha *lha,
 				archive_string_empty(&lha->filename);
 				break;
 			}
+			if (extdheader[0] == '\0')
+				goto invalid;
 			archive_strncpy(&lha->filename,
 			    (const char *)extdheader, datasize);
 			break;
 		case EXT_DIRECTORY:
-			if (datasize == 0)
+			if (datasize == 0 || extdheader[0] == '\0')
 				/* no directory name data. exit this case. */
-				break;
+				goto invalid;
 
 			archive_strncpy(&lha->dirname,
 		  	    (const char *)extdheader, datasize);
-- 
2.7.4