Commit 1cab3bc6 authored by Petter Reinholdtsen

Added debian/patches/Issue-718-Fix-CVE-2016-4300.patch

avoiding integer overflow in 7-zip parsing.
parent 5c7402c0
......@@ -13,6 +13,8 @@ libarchive (3.1.2-11+deb8u2) UNRELEASED; urgency=high
cpio archive.
* CVE-2015-8934: Added Issue-521-Fix-CVE-2015-8934.patch from
upstream to properly check reading from lzss decompression buffer.
* CVE-2016-4300: Added debian/patches/Issue-718-Fix-CVE-2016-4300.patch
avoiding integer overflow in 7-zip parsing.
* CVE-2016-4302: Added Issue-719-Fix-CVE-2016-4302.patch from upstream
to reject invalid RAR file with zero dictionary size.
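Review bot: The new CVE-2016-4300 entry is worded differently from its neighbours: it names the file with the debian/patches/ prefix and drops "from upstream", while the CVE-2015-8934 and CVE-2016-4302 entries read "Added Issue-...patch from upstream". The patch header on this page says the fix was fetched from upstream with UMAX_ENTRY replaced by 1000000, so I would word it as "Added Issue-718-Fix-CVE-2016-4300.patch from upstream, adapted for 3.1.2, avoiding integer overflow in 7-zip parsing." That way the changelog records both the origin and the local deviation.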
......
Description:
This patch was fetched from upstream, and the UMAX_ENTRY constant
introduced after version 3.1.2 was replaced by the 1000000 constant
used in the 3.1.2 code base.
commit e79ef306afe332faf22e9b442a2c6b59cb175573
Author: Tim Kientzle <kientzle@acm.org>
Date: Sun Jun 19 14:14:09 2016 -0700
Issue #718: Fix TALOS-CAN-152
If a 7-Zip archive declares a rediculously large number of substreams,
it can overflow an internal counter, leading a subsequent memory
allocation to be too small for the substream data.
Thanks to the Open Source and Threat Intelligence project at Cisco
for reporting this issue.
Index: libarchive/libarchive/archive_read_support_format_7zip.c
===================================================================
--- libarchive.orig/libarchive/archive_read_support_format_7zip.c 2016-06-28 10:40:28.745037206 +0200
+++ libarchive/libarchive/archive_read_support_format_7zip.c 2016-06-28 10:40:28.745037206 +0200
@@ -2045,6 +2045,9 @@
return (-1);
if (1000000 < f[i].numUnpackStreams)
return (-1);
+ if (unpack_streams > SIZE_MAX - 1000000) {
+ return (-1);
+ }
unpack_streams += (size_t)f[i].numUnpackStreams;
}
if ((p = header_bytes(a, 1)) == NULL)
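Review bot: The added guard `if (unpack_streams > SIZE_MAX - 1000000)` is only sufficient because the line just above rejects any f[i].numUnpackStreams larger than the same 1000000, so the two literals have to stay equal for `unpack_streams += (size_t)f[i].numUnpackStreams` to be safe from wraparound. Since this backport replaces the named UMAX_ENTRY with a bare number, a one-line comment on the new check stating that dependency (or a single local constant used by both tests) would keep a later change to the cap from silently weakening the fix. Please also confirm that SIZE_MAX is defined in this file in the 3.1.2 tree, as the hunk adds no include. On the header: the Description: line has no one-line summary, and the upstream commit id appears only in the body; putting it in an Origin: field would make the provenance easier to track.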
......@@ -11,4 +11,5 @@ Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch
Issue-656-Fix-CVE-2016-1541-VU-862384.patch
Issue-502+503-CVE-2015-8915.patch
Issue-521-Fix-CVE-2015-8934.patch
Issue-718-Fix-CVE-2016-4300.patch
Issue-719-Fix-CVE-2016-4302.patch