diff options
Diffstat (limited to 'main/libarchive/CVE-2016-4809.patch')
-rw-r--r-- | main/libarchive/CVE-2016-4809.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/main/libarchive/CVE-2016-4809.patch b/main/libarchive/CVE-2016-4809.patch new file mode 100644 index 0000000000..94f801d628 --- /dev/null +++ b/main/libarchive/CVE-2016-4809.patch @@ -0,0 +1,25 @@ +From fd7e0c02e272913a0a8b6d492c7260dfca0b1408 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle <kientzle@acm.org> +Date: Sat, 14 May 2016 12:37:37 -0700 +Subject: [PATCH] Reject cpio symlinks that exceed 1MB + +--- + libarchive/archive_read_support_format_cpio.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c +index c2ca85b..b09db0e 100644 +--- a/libarchive/archive_read_support_format_cpio.c ++++ b/libarchive/archive_read_support_format_cpio.c +@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(struct archive_read *a, + + /* If this is a symlink, read the link contents. */ + if (archive_entry_filetype(entry) == AE_IFLNK) { ++ if (cpio->entry_bytes_remaining > 1024 * 1024) { ++ archive_set_error(&a->archive, ENOMEM, ++ "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte"); ++ return (ARCHIVE_FATAL); ++ } + h = __archive_read_ahead(a, + (size_t)cpio->entry_bytes_remaining, NULL); + if (h == NULL) |