diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-24 13:30:14 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-24 13:30:14 +0000 |
commit | ca64327748a6964f6b2e542beccd2cd01ae40015 (patch) | |
tree | c68f3a1e16e864adb80c6eb807ddcf6ead2073bc /main/libarchive/CVE-2013-0211.patch | |
parent | 68626613f16bffc10f13a88f731d4f911da4a2f9 (diff) | |
download | aports-ca64327748a6964f6b2e542beccd2cd01ae40015.tar.bz2 aports-ca64327748a6964f6b2e542beccd2cd01ae40015.tar.xz |
main/libarchive: fix CVE-2013-0211
fixes #1806
Diffstat (limited to 'main/libarchive/CVE-2013-0211.patch')
-rw-r--r-- | main/libarchive/CVE-2013-0211.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/main/libarchive/CVE-2013-0211.patch b/main/libarchive/CVE-2013-0211.patch new file mode 100644 index 0000000000..c927a860e2 --- /dev/null +++ b/main/libarchive/CVE-2013-0211.patch @@ -0,0 +1,32 @@ +From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle <kientzle@acm.org> +Date: Fri, 22 Mar 2013 23:48:41 -0700 +Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a + certain common programming error (passing -1 to write) from leading to other + problems deeper in the library. + +--- + libarchive/archive_write.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c +index eede5e0..be85621 100644 +--- a/libarchive/archive_write.c ++++ b/libarchive/archive_write.c +@@ -673,8 +673,13 @@ struct archive_write_filter * + _archive_write_data(struct archive *_a, const void *buff, size_t s) + { + struct archive_write *a = (struct archive_write *)_a; ++ const size_t max_write = INT_MAX; ++ + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, + ARCHIVE_STATE_DATA, "archive_write_data"); ++ /* In particular, this catches attempts to pass negative values. */ ++ if (s > max_write) ++ s = max_write; + archive_clear_error(&a->archive); + return ((a->format_write_data)(a, buff, s)); + } +-- +1.8.1.6 + |