Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:cabelo
libarchive
libarchive-3.1.3-CVE-2013-0211_read_buffer_over...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch of Package libarchive
From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001 From: Tim Kientzle <kientzle@acm.org> Date: Fri, 22 Mar 2013 23:48:41 -0700 Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a certain common programming error (passing -1 to write) from leading to other problems deeper in the library. --- libarchive/archive_write.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c index eede5e0..be85621 100644 --- a/libarchive/archive_write.c +++ b/libarchive/archive_write.c @@ -673,8 +673,13 @@ static ssize_t _archive_write_data(struct archive *_a, const void *buff, size_t s) { struct archive_write *a = (struct archive_write *)_a; + const size_t max_write = INT_MAX; + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, ARCHIVE_STATE_DATA, "archive_write_data"); + /* In particular, this catches attempts to pass negative values. */ + if (s > max_write) + s = max_write; archive_clear_error(&a->archive); return ((a->format_write_data)(a, buff, s)); } -- 1.8.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor