File CVE-2015-8922.patch of Package libarchive.2786

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2015-8922.patch of Package libarchive.2786

commit d094dc02905605ca514baf87855f026b9bf52f1f
Author: Tim Kientzle <kientzle@acm.org>
Date:   Sun Feb 8 13:29:51 2015 -0800

Issue 405: segfault on malformed 7z archive
    
    Reject a couple of nonsensical cases.

Index: libarchive-3.1.2/Makefile.am
===================================================================
--- libarchive-3.1.2.orig/Makefile.am
+++ libarchive-3.1.2/Makefile.am
@@ -373,6 +373,7 @@ libarchive_test_SOURCES=					\
 	libarchive/test/test_read_filter_program_signature.c	\
 	libarchive/test/test_read_filter_uudecode.c		\
 	libarchive/test/test_read_format_7zip.c			\
+        libarchive/test/test_read_format_7zip_malformed.c       \
 	libarchive/test/test_read_format_ar.c			\
 	libarchive/test/test_read_format_cab.c			\
 	libarchive/test/test_read_format_cab_filename.c		\
@@ -601,6 +602,8 @@ libarchive_test_EXTRA_DIST=\
 	libarchive/test/test_read_format_7zip_lzma1_2.7z.uu		\
 	libarchive/test/test_read_format_7zip_lzma1_lzma2.7z.uu		\
 	libarchive/test/test_read_format_7zip_lzma2.7z.uu		\
+	libarchive/test/test_read_format_7zip_malformed.7z.uu 		\
+	libarchive/test/test_read_format_7zip_malformed2.7z.uu 		\
 	libarchive/test/test_read_format_7zip_ppmd.7z.uu		\
 	libarchive/test/test_read_format_7zip_symbolic_name.7z.uu	\
 	libarchive/test/test_read_format_ar.ar.uu			\
Index: libarchive-3.1.2/libarchive/archive_read_support_format_7zip.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_read_support_format_7zip.c
+++ libarchive-3.1.2/libarchive/archive_read_support_format_7zip.c
@@ -1940,7 +1940,16 @@ read_CodersInfo(struct archive_read *a,
 			return (-1);
 		if (1000000 < ci->dataStreamIndex)
 			return (-1);
+		if (ci->numFolders > 0) {
+			archive_set_error(&a->archive, -1,
+			    "Malformed 7-Zip archive");
+			goto failed;
+		}
 		break;
+	default:
+		archive_set_error(&a->archive, -1,
+		    "Malformed 7-Zip archive");
+		goto failed;
 	}
 
 	if ((p = header_bytes(a, 1)) == NULL)
Index: libarchive-3.1.2/libarchive/test/test_read_format_7zip_malformed.7z.uu
===================================================================
--- /dev/null
+++ libarchive-3.1.2/libarchive/test/test_read_format_7zip_malformed.7z.uu
@@ -0,0 +1,5 @@
+begin 644 test_read_format_7zip_malformed.7z
+M-WJ\KR<<,#"@P/<&!P````````!(`````````&:^$Y<P,#`P,#`P`00&``$)
+'!P`'"S`P#```
+`
+end
Index: libarchive-3.1.2/libarchive/test/test_read_format_7zip_malformed.c
===================================================================
--- /dev/null
+++ libarchive-3.1.2/libarchive/test/test_read_format_7zip_malformed.c
@@ -0,0 +1,67 @@
+/*-
+ * Copyright (c) 2003-2007 Tim Kientzle
+ * Copyright (c) 2011 Michihiro NAKAJIMA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+__FBSDID("$FreeBSD$");
+
+static void
+test_malformed1(void)
+{
+	const char *refname = "test_read_format_7zip_malformed.7z";
+	struct archive *a;
+	struct archive_entry *ae;
+
+	extract_reference_file(refname);
+
+	assert((a = archive_read_new()) != NULL);
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, refname, 10240));
+	assertEqualIntA(a, ARCHIVE_FATAL, archive_read_next_header(a, &ae));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
+}
+
+static void
+test_malformed2(void)
+{
+	const char *refname = "test_read_format_7zip_malformed2.7z";
+	struct archive *a;
+	struct archive_entry *ae;
+
+	extract_reference_file(refname);
+
+	assert((a = archive_read_new()) != NULL);
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, refname, 10240));
+	assertEqualIntA(a, ARCHIVE_FATAL, archive_read_next_header(a, &ae));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
+}
+
+DEFINE_TEST(test_read_format_7zip_malformed)
+{
+	test_malformed1();
+	test_malformed2();
+}
Index: libarchive-3.1.2/libarchive/test/test_read_format_7zip_malformed2.7z.uu
===================================================================
--- /dev/null
+++ libarchive-3.1.2/libarchive/test/test_read_format_7zip_malformed2.7z.uu
@@ -0,0 +1,5 @@
+begin 644 test_read_format_7zip_malformed2.7z
+M-WJ\KR<<,#"@P/<&!P````````!(`````````&:^$Y<P,#`P,#`P`00&``$)
+(!P`'"S`!#`P`
+`
+end

Places

File CVE-2015-8922.patch of Package libarchive.2786

Places