mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: libarchive: Fix CVE-2017-14502.
* gnu/packages/patches/libarchive-CVE-2017-14502.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/backup.scm (libarchive-3.3.2)[source]: Use it.
This commit is contained in:
parent
c521c8f1a4
commit
2a0e3d1635
3 changed files with 43 additions and 1 deletions
|
@ -791,6 +791,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/liba52-set-soname.patch \
|
||||
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
|
||||
%D%/packages/patches/libarchive-CVE-2017-14166.patch \
|
||||
%D%/packages/patches/libarchive-CVE-2017-14502.patch \
|
||||
%D%/packages/patches/libbase-fix-includes.patch \
|
||||
%D%/packages/patches/libbase-use-own-logging.patch \
|
||||
%D%/packages/patches/libbonobo-activation-test-race.patch \
|
||||
|
|
|
@ -253,7 +253,8 @@ (define libarchive-3.3.2
|
|||
(method url-fetch)
|
||||
(uri (string-append "http://libarchive.org/downloads/libarchive-"
|
||||
version ".tar.gz"))
|
||||
(patches (search-patches "libarchive-CVE-2017-14166.patch"))
|
||||
(patches (search-patches "libarchive-CVE-2017-14166.patch"
|
||||
"libarchive-CVE-2017-14502.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))))
|
||||
|
|
40
gnu/packages/patches/libarchive-CVE-2017-14502.patch
Normal file
40
gnu/packages/patches/libarchive-CVE-2017-14502.patch
Normal file
|
@ -0,0 +1,40 @@
|
|||
Fix CVE-2017-14502:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
|
||||
|
||||
From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Sonnenberger <joerg@bec.de>
|
||||
Date: Sat, 9 Sep 2017 17:47:32 +0200
|
||||
Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
|
||||
archives.
|
||||
|
||||
Reported-By: OSS-Fuzz issue 573
|
||||
---
|
||||
libarchive/archive_read_support_format_rar.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
|
||||
index cbb14c32..751de697 100644
|
||||
--- a/libarchive/archive_read_support_format_rar.c
|
||||
+++ b/libarchive/archive_read_support_format_rar.c
|
||||
@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
|
||||
return (ARCHIVE_FATAL);
|
||||
}
|
||||
filename[filename_size++] = '\0';
|
||||
- filename[filename_size++] = '\0';
|
||||
+ /*
|
||||
+ * Do not increment filename_size here as the computations below
|
||||
+ * add the space for the terminating NUL explicitly.
|
||||
+ */
|
||||
+ filename[filename_size] = '\0';
|
||||
|
||||
/* Decoded unicode form is UTF-16BE, so we have to update a string
|
||||
* conversion object for it. */
|
||||
--
|
||||
2.15.1
|
||||
|
Loading…
Reference in a new issue