Overview

File libmspack-0.6alpha-CVE-2019-1010305.patch of Package libmspack

From 2f084136cfe0d05e5bf5703f3e83c6d955234b4d Mon Sep 17 00:00:00 2001
From: Stuart Caie <kyzer@cabextract.org.uk>
Date: Mon, 18 Feb 2019 13:04:58 +0000
Subject: [PATCH] length checks when looking for control files

---
 libmspack/mspack/chmd.c | 24 +++++++++++-------------
 2 files changed, 19 insertions(+), 13 deletions(-)

Index: libmspack-0.6alpha/mspack/chmd.c
===================================================================
--- libmspack-0.6alpha.orig/mspack/chmd.c
+++ libmspack-0.6alpha/mspack/chmd.c
@@ -483,19 +483,17 @@ static int chmd_read_headers(struct mspa
 
       if (name[0] == ':' && name[1] == ':') {
 	/* system file */
-	if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
-	  if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
-	    chm->sec1.content = fi;
-	  }
-	  else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
-	    chm->sec1.control = fi;
-	  }
-	  else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
-	    chm->sec1.spaninfo = fi;
-	  }
-	  else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
-	    chm->sec1.rtable = fi;
-	  }
+        if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
+          chm->sec1.content = fi;
+        }
+        else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
+          chm->sec1.control = fi;
+        }
+        else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
+          chm->sec1.spaninfo = fi;
+        }
+        else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
+          chm->sec1.rtable = fi;
 	}
 	fi->next = chm->sysfiles;
 	chm->sysfiles = fi;
openSUSE Build Service is sponsored by
Places