aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libarchive-CVE-2013-0211.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libarchive-CVE-2013-0211.patch')
-rw-r--r--gnu/packages/patches/libarchive-CVE-2013-0211.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
new file mode 100644
index 0000000000..b024a7d4a8
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
@@ -0,0 +1,21 @@
+Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/703957
+Forwarded: not-needed
+
+--- libarchive-3.0.4.orig/libarchive/archive_write.c
++++ libarchive-3.0.4/libarchive/archive_write.c
+@@ -665,8 +665,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ struct archive_write *a = (struct archive_write *)_a;
++ const size_t max_write = INT_MAX;
++
+ archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ ARCHIVE_STATE_DATA, "archive_write_data");
++ /* In particular, this catches attempts to pass negative values. */
++ if (s > max_write)
++ s = max_write;
+ archive_clear_error(&a->archive);
+ return ((a->format_write_data)(a, buff, s));
+ }