diff options
Diffstat (limited to 'gnu/packages/patches/libarchive-7zip-heap-overflow.patch')
| -rw-r--r-- | gnu/packages/patches/libarchive-7zip-heap-overflow.patch | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch deleted file mode 100644 index bef628f0a8..0000000000 --- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch +++ /dev/null @@ -1,77 +0,0 @@ -Fix buffer overflow reading 7Zip files: - -https://github.com/libarchive/libarchive/issues/761 - -Patch copied from upstream repository: - -https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126 - -From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Sun, 18 Sep 2016 18:14:58 -0700 -Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files - -The sample file that demonstrated this had multiple 'EmptyStream' -attributes. The first one ended up being used to calculate -certain statistics, then was overwritten by the second which -was incompatible with those statistics. - -The fix here is to reject any header with multiple EmptyStream -attributes. While here, also reject headers with multiple -EmptyFile, AntiFile, Name, or Attributes markers. ---- - libarchive/archive_read_support_format_7zip.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c -index 1dfe52b..c0a536c 100644 ---- a/libarchive/archive_read_support_format_7zip.c -+++ b/libarchive/archive_read_support_format_7zip.c -@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - - switch (type) { - case kEmptyStream: -+ if (h->emptyStreamBools != NULL) -+ return (-1); - h->emptyStreamBools = calloc((size_t)zip->numFiles, - sizeof(*h->emptyStreamBools)); - if (h->emptyStreamBools == NULL) -@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->emptyFileBools != NULL) -+ return (-1); - h->emptyFileBools = calloc(empty_streams, - sizeof(*h->emptyFileBools)); - if (h->emptyFileBools == NULL) -@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - return (-1); - break; - } -+ if (h->antiBools != NULL) -+ return (-1); - h->antiBools = calloc(empty_streams, - sizeof(*h->antiBools)); - if (h->antiBools == NULL) -@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((ll & 1) || ll < zip->numFiles * 4) - return (-1); - -+ if (zip->entry_names != NULL) -+ return (-1); - zip->entry_names = malloc(ll); - if (zip->entry_names == NULL) - return (-1); -@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, - if ((p = header_bytes(a, 2)) == NULL) - return (-1); - allAreDefined = *p; -+ if (h->attrBools != NULL) -+ return (-1); - h->attrBools = calloc((size_t)zip->numFiles, - sizeof(*h->attrBools)); - if (h->attrBools == NULL) --- -2.10.0 - |