Diffstat (limited to 'main/libarchive/CVE-2016-4302.patch')
-rw-r--r--main/libarchive/CVE-2016-4302.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/main/libarchive/CVE-2016-4302.patch b/main/libarchive/CVE-2016-4302.patch
new file mode 100644
index 0000000000..4506afb0be
--- /dev/null
+++ b/main/libarchive/CVE-2016-4302.patch
@@ -0,0 +1,32 @@
+From 05caadc7eedbef471ac9610809ba683f0c698700 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Sun, 19 Jun 2016 14:21:42 -0700
+Subject: [PATCH] Issue 719: Fix for TALOS-CAN-154
+
+A RAR file with an invalid zero dictionary size was not being
+rejected, leading to a zero-sized allocation for the dictionary
+storage which was then overwritten during the dictionary initialization.
+
+Thanks to the Open Source and Threat Intelligence project at Cisco for
+reporting this.
+---
+ libarchive/archive_read_support_format_rar.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
+index 6450aac..6c49f1a 100644
+--- a/libarchive/archive_read_support_format_rar.c
++++ b/libarchive/archive_read_support_format_rar.c
+@@ -2127,6 +2127,12 @@ parse_codes(struct archive_read *a)
+ rar->range_dec.Stream = &rar->bytein;
+ __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context);
+
++ if (rar->dictionary_size == 0) {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Invalid zero dictionary size");
++ return (ARCHIVE_FATAL);
++ }
++
+ if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context,
+ rar->dictionary_size, &g_szalloc))
+ {
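Review bot: The added `rar->dictionary_size == 0` guard in parse_codes carries no comment, so the reason it must sit ahead of `Ppmd7_Alloc` is recorded only in the patch description. I would add above the `if`: `/* A zero dictionary size yields a zero-sized allocation that dictionary initialization then overwrites; reject the archive as malformed. */`. Only the zero case is rejected here, and dictionary_size is assigned outside the hunk, so these lines cannot confirm whether other out-of-range values are bounded elsewhere. This page is limited to the patch file itself, so it is worth confirming separately that the package build recipe lists and checksums it, since otherwise the fix is never applied. parse_codes starts and ends outside the hunk.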