1 files changed, 25 insertions, 0 deletions

diff --git a/main/libarchive/CVE-2016-4809.patch b/main/libarchive/CVE-2016-4809.patch
new file mode 100644
index 0000000000..94f801d628
--- /dev/null
+++ b/main/libarchive/CVE-2016-4809.patch
@@ -0,0 +1,25 @@
+From fd7e0c02e272913a0a8b6d492c7260dfca0b1408 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Sat, 14 May 2016 12:37:37 -0700
+Subject: [PATCH] Reject cpio symlinks that exceed 1MB
+
+---
+ libarchive/archive_read_support_format_cpio.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
+index c2ca85b..b09db0e 100644
+--- a/libarchive/archive_read_support_format_cpio.c
++++ b/libarchive/archive_read_support_format_cpio.c
+@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(struct archive_read *a,
+ 
+ 	/* If this is a symlink, read the link contents. */
+ 	if (archive_entry_filetype(entry) == AE_IFLNK) {
++		if (cpio->entry_bytes_remaining > 1024 * 1024) {
++			archive_set_error(&a->archive, ENOMEM,
++			    "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
++			return (ARCHIVE_FATAL);
++		}
+ 		h = __archive_read_ahead(a,
+ 			(size_t)cpio->entry_bytes_remaining, NULL);
+ 		if (h == NULL)