openSUSE:Leap:42.3:Staging:E
File CVE-2016-8689.patch of Package libarchive
commit 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Author: Tim Kientzle <kientzle@acm.org> Date: Sun Sep 18 18:14:58 2016 -0700 Issue 761: Heap overflow reading corrupted 7Zip files The sample file that demonstrated this had multiple 'EmptyStream' attributes. The first one ended up being used to calculate certain statistics, then was overwritten by the second which was incompatible with those statistics. The fix here is to reject any header with multiple EmptyStream attributes. While here, also reject headers with multiple EmptyFile, AntiFile, Name, or Attributes markers. Index: libarchive-3.1.2/libarchive/archive_read_support_format_7zip.c =================================================================== --- libarchive-3.1.2.orig/libarchive/archive_read_support_format_7zip.c +++ libarchive-3.1.2/libarchive/archive_read_support_format_7zip.c @@ -2337,6 +2337,8 @@ read_Header(struct archive_read *a, stru switch (type) { case kEmptyStream: + if (h->emptyStreamBools != NULL) + return (-1); h->emptyStreamBools = calloc((size_t)zip->numFiles, sizeof(*h->emptyStreamBools)); if (h->emptyStreamBools == NULL) @@ -2357,6 +2359,8 @@ read_Header(struct archive_read *a, stru return (-1); break; } + if (h->emptyFileBools != NULL) + return (-1); h->emptyFileBools = calloc(empty_streams, sizeof(*h->emptyFileBools)); if (h->emptyFileBools == NULL) @@ -2371,6 +2375,8 @@ read_Header(struct archive_read *a, stru return (-1); break; } + if (h->antiBools != NULL) + return (-1); h->antiBools = calloc(empty_streams, sizeof(*h->antiBools)); if (h->antiBools == NULL) @@ -2397,6 +2403,8 @@ read_Header(struct archive_read *a, stru if ((ll & 1) || ll < zip->numFiles * 4) return (-1); + if (zip->entry_names != NULL) + return (-1); zip->entry_names = malloc(ll); if (zip->entry_names == NULL) return (-1); 
@@ -2449,6 +2457,8 @@ read_Header(struct archive_read *a, stru if ((p = header_bytes(a, 2)) == NULL) return (-1); allAreDefined = *p; + if (h->attrBools != NULL) + return (-1); h->attrBools = calloc((size_t)zip->numFiles, sizeof(*h->attrBools)); if (h->attrBools == NULL)
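Review bot: in the first hunk (@@ -2337), the new `h->emptyStreamBools != NULL` test only detects a repeated EmptyStream attribute if that pointer is guaranteed to be NULL when read_Header starts, and nothing in the visible context shows `h` being zeroed. Please confirm the caller clears the header struct before parsing, and add a one-line comment above the check saying that a second EmptyStream is rejected because statistics computed from the first one are already in use; as written, the bare `return (-1)` reads like one more allocation-failure path.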
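Review bot: in the @@ -2397 hunk the duplicate guard tests `zip->entry_names`, which lives on `zip` rather than on `h` like the other four guards, so its state outlives this header. If a header can be parsed again on the same `zip` object, or entry_names is ever freed without being reset to NULL, a valid header would be rejected here; please check that every free of this buffer also sets the pointer back to NULL. The guard also returns the same (-1) as the malloc failure two lines below it, so a distinct error message for the duplicate case would help whoever has to triage a rejected archive.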
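Review bot: in the last hunk (@@ -2449) the `h->attrBools != NULL` check sits after `header_bytes(a, 2)` has already consumed input and `allAreDefined = *p` has been assigned, whereas the kEmptyStream guard is the first statement of its case. Moving this check ahead of the header_bytes call would keep the five guards uniform and make it clear that a duplicate Attributes marker is rejected before any of its bytes are interpreted.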