Overview

File CVE-2015-8918.patch of Package libarchive.9088

commit b6ba56037f0da44efebfa271cc4b1a736a74c62f
Author: Tim Kientzle <kientzle@acm.org>
Date:   Fri Feb 6 23:00:30 2015 -0800

    Issue 398: Overlapping memcpy
    
    Some of the pathname edits parse a part of the pathname
    in the entry, then try to set the pathname from that part.
    This leads the text routines to memcpy() from within the
    string buffer.
    
    Avoid this by simply using memmove() for low-level string append
    operations.

Index: libarchive-3.1.2/CMakeLists.txt
===================================================================
--- libarchive-3.1.2.orig/CMakeLists.txt
+++ libarchive-3.1.2/CMakeLists.txt
@@ -1126,6 +1126,7 @@ CHECK_FUNCTION_EXISTS(strftime HAVE_STRF
 CHECK_FUNCTION_EXISTS(vprintf HAVE_VPRINTF)
 CHECK_FUNCTION_EXISTS(wmemcmp HAVE_WMEMCMP)
 CHECK_FUNCTION_EXISTS(wmemcpy HAVE_WMEMCPY)
+CHECK_FUNCTION_EXISTS(wmemmove HAVE_WMEMMOVE)
 
 CMAKE_POP_CHECK_STATE()	# Restore the state of the variables
 
Index: libarchive-3.1.2/configure.ac
===================================================================
--- libarchive-3.1.2.orig/configure.ac
+++ libarchive-3.1.2/configure.ac
@@ -525,7 +525,7 @@ AC_CHECK_FUNCS([nl_langinfo openat pipe
 AC_CHECK_FUNCS([select setenv setlocale sigaction statfs statvfs])
 AC_CHECK_FUNCS([strchr strdup strerror strncpy_s strrchr symlink timegm])
 AC_CHECK_FUNCS([tzset unsetenv utime utimensat utimes vfork])
-AC_CHECK_FUNCS([wcrtomb wcscmp wcscpy wcslen wctomb wmemcmp wmemcpy])
+AC_CHECK_FUNCS([wcrtomb wcscmp wcscpy wcslen wctomb wmemcmp wmemcpy wmemmove])
 AC_CHECK_FUNCS([_ctime64_s _fseeki64])
 AC_CHECK_FUNCS([_get_timezone _localtime64_s _mkgmtime64])
 # detects cygwin-1.7, as opposed to older versions
Index: libarchive-3.1.2/libarchive/archive_string.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_string.c
+++ libarchive-3.1.2/libarchive/archive_string.c
@@ -71,6 +71,10 @@ __FBSDID("$FreeBSD: head/lib/libarchive/
 #define wmemcpy(a,b,i)  (wchar_t *)memcpy((a), (b), (i) * sizeof(wchar_t))
 #endif
 
+#if !defined(HAVE_WMEMMOVE) && !defined(wmemmove)
+#define wmemmove(a,b,i)  (wchar_t *)memmove((a), (b), (i) * sizeof(wchar_t))
+#endif
+
 struct archive_string_conv {
 	struct archive_string_conv	*next;
 	char				*from_charset;
@@ -203,7 +207,7 @@ archive_string_append(struct archive_str
 {
 	if (archive_string_ensure(as, as->length + s + 1) == NULL)
 		return (NULL);
-	memcpy(as->s + as->length, p, s);
+	memmove(as->s + as->length, p, s);
 	as->length += s;
 	as->s[as->length] = 0;
 	return (as);
@@ -214,7 +218,7 @@ archive_wstring_append(struct archive_ws
 {
 	if (archive_wstring_ensure(as, as->length + s + 1) == NULL)
 		return (NULL);
-	wmemcpy(as->s + as->length, p, s);
+	wmemmove(as->s + as->length, p, s);
 	as->length += s;
 	as->s[as->length] = 0;
 	return (as);
openSUSE Build Service is sponsored by
Places