Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
libarchive.3431
CVE-2016-8687.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-8687.patch of Package libarchive.3431
commit e37b620fe8f14535d737e89a4dcabaed4517bf1a Author: Tim Kientzle <kientzle@acm.org> Date: Sun Aug 21 10:51:43 2016 -0700 Issue #767: Buffer overflow printing a filename The safe_fprintf function attempts to ensure clean output for an arbitrary sequence of bytes by doing a trial conversion of the multibyte characters to wide characters -- if the resulting wide character is printable then we pass through the corresponding bytes unaltered, otherwise, we convert them to C-style ASCII escapes. The stack trace in Issue #767 suggest that the 20-byte buffer was getting overflowed trying to format a non-printable multibyte character. This should only happen if there is a valid multibyte character of more than 5 bytes that was unprintable. (Each byte would get expanded to a four-charcter octal-style escape of the form "\123" resulting in >20 characters for the >5 byte multibyte character.) I've not been able to reproduce this, but have expanded the conversion buffer to 128 bytes on the belief that no multibyte character set has a single character of more than 32 bytes. Index: libarchive-3.1.2/tar/util.c =================================================================== --- libarchive-3.1.2.orig/tar/util.c +++ libarchive-3.1.2/tar/util.c @@ -181,7 +181,7 @@ safe_fprintf(FILE *f, const char *fmt, . } /* If our output buffer is full, dump it and keep going. */ - if (i > (sizeof(outbuff) - 20)) { + if (i > (sizeof(outbuff) - 128)) { outbuff[i] = '\0'; fprintf(f, "%s", outbuff); i = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor