diff options
author | Leo Famulari <leo@famulari.name> | 2017-12-20 19:39:59 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-12-21 12:28:43 -0500 |
commit | 2a0e3d163581f053138508b0d40a28e07dc37923 (patch) | |
tree | 8c14071c0dd2a225d7df8607203129291e726966 /gnu/packages/patches/libarchive-CVE-2017-14502.patch | |
parent | c521c8f1a4cd50996d661c01f8ac6d4832d825f4 (diff) |
gnu: libarchive: Fix CVE-2017-14502.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
Diffstat (limited to 'gnu/packages/patches/libarchive-CVE-2017-14502.patch')
-rw-r--r-- | gnu/packages/patches/libarchive-CVE-2017-14502.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-CVE-2017-14502.patch b/gnu/packages/patches/libarchive-CVE-2017-14502.patch new file mode 100644 index 0000000000..8e0508afb5 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2017-14502.patch @@ -0,0 +1,40 @@ +Fix CVE-2017-14502: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502 +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573 + +Patch copied from upstream source repository: + +https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6 + +From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001 +From: Joerg Sonnenberger <joerg@bec.de> +Date: Sat, 9 Sep 2017 17:47:32 +0200 +Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR + archives. + +Reported-By: OSS-Fuzz issue 573 +--- + libarchive/archive_read_support_format_rar.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index cbb14c32..751de697 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry, + return (ARCHIVE_FATAL); + } + filename[filename_size++] = '\0'; +- filename[filename_size++] = '\0'; ++ /* ++ * Do not increment filename_size here as the computations below ++ * add the space for the terminating NUL explicitly. ++ */ ++ filename[filename_size] = '\0'; + + /* Decoded unicode form is UTF-16BE, so we have to update a string + * conversion object for it. */ +-- +2.15.1 + |