aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libarchive-CVE-2013-0211.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2014-10-11 22:49:15 -0400
committerMark H Weaver <mhw@netris.org>2014-10-11 23:21:37 -0400
commit1b7d5242c36d82242f1148cc583ea362d3e83577 (patch)
tree811341494f3aadb17d5954483c8c7ba610c8bf6b /gnu/packages/patches/libarchive-CVE-2013-0211.patch
parent36ae58488bfeeb3bc2b314bd16ba37d06b3a13af (diff)
downloadguix-1b7d5242c36d82242f1148cc583ea362d3e83577.tar
guix-1b7d5242c36d82242f1148cc583ea362d3e83577.tar.gz
gnu: libarchive: Apply fixes including for CVE-2013-0211.
* gnu/packages/patches/libarchive-CVE-2013-0211.patch, gnu/packages/patches/libarchive-fix-lzo-test-case.patch, gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/backup.scm (libarchive)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/libarchive-CVE-2013-0211.patch')
-rw-r--r--gnu/packages/patches/libarchive-CVE-2013-0211.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
new file mode 100644
index 0000000000..b024a7d4a8
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
@@ -0,0 +1,21 @@
+Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/703957
+Forwarded: not-needed
+
+--- libarchive-3.0.4.orig/libarchive/archive_write.c
++++ libarchive-3.0.4/libarchive/archive_write.c
+@@ -665,8 +665,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ struct archive_write *a = (struct archive_write *)_a;
++ const size_t max_write = INT_MAX;
++
+ archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ ARCHIVE_STATE_DATA, "archive_write_data");
++ /* In particular, this catches attempts to pass negative values. */
++ if (s > max_write)
++ s = max_write;
+ archive_clear_error(&a->archive);
+ return ((a->format_write_data)(a, buff, s));
+ }