Overview

File CVE-2015-8915.patch of Package libarchive.3431

commit e6c9668f3202215ddb71617b41c19b6f05acf008
Author: Tim Kientzle <kientzle@acm.org>
Date:   Fri Jan 30 23:57:03 2015 -0800

    Add a check to archive_read_filter_consume to reject any
    attempts to move the file pointer by a negative amount.
    
    Note:  Either this or commit 3865cf2 provides a fix for
    Issue 394.

Index: libarchive-3.1.2/libarchive/archive_read.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_read.c
+++ libarchive-3.1.2/libarchive/archive_read.c
@@ -1397,6 +1397,8 @@ __archive_read_filter_consume(struct arc
 {
 	int64_t skipped;
 
+	if (request < 0)
+		return ARCHIVE_FATAL;
 	if (request == 0)
 		return 0;
openSUSE Build Service is sponsored by
Places