Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
libmspack.704
fix-pointer-arithmetic-overflow.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-pointer-arithmetic-overflow.patch of Package libmspack.704
Extracted from git to match Debian patch and CVE From 5692b75a21bf71dd86ac84bcfeb9ce8c0830658e Mon Sep 17 00:00:00 2001 From: Stuart Caie <kyzer@4u.net> Date: Thu, 15 Jan 2015 00:49:08 +0000 Subject: [PATCH] better bounds checks reading CHM data, preventing segfaults --- libmspack/trunk/ChangeLog | 10 ++++++++++ libmspack/trunk/mspack/chmd.c | 8 +++++--- 2 files changed, 15 insertions(+), 3 deletions(-) From bef420ede1039dbdc8d6acafa2f115be2ec86bef Mon Sep 17 00:00:00 2001 From: Stuart Caie <kyzer@4u.net> Date: Sun, 18 Jan 2015 23:05:07 +0000 Subject: [PATCH] Another fix for checking name_len is within chunk bounds --- libmspack/trunk/ChangeLog | 3 +++ libmspack/trunk/mspack/chmd.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) From 3f8a171b95b858f2d98e60b6da8a427ef530516b Mon Sep 17 00:00:00 2001 From: Stuart Caie <kyzer@4u.net> Date: Sun, 18 Jan 2015 23:11:39 +0000 Subject: [PATCH] better fix --- libmspack/trunk/ChangeLog | 2 +- libmspack/trunk/mspack/chmd.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) #diff --git a/libmspack/trunk/ChangeLog b/libmspack/trunk/ChangeLog #index 3472950..a7cf6f4 100644 #--- a/libmspack/trunk/ChangeLog #+++ b/libmspack/trunk/ChangeLog #@@ -1,3 +1,13 @@ #+2015-01-15 Stuart Caie <kyzer@4u.net> #+ #+ * chmd_read_headers(): add a bounds check to prevent over-reading data, #+ which caused a segfault on 32-bit architectures. Thanks to Jakub Wilk. #+ #+ * search_chunk(): change the order of pointer arithmetic operations to #+ avoid overflow during bounds checks, which lead to segfaults on 32-bit #+ architectures. Again, thanks to Jakub Wilk for finding this issue, #+ providing sample files and a patch. #+ # 2015-01-08 Stuart Caie <kyzer@4u.net> # # * cabd_extract(): No longer uses broken state data if extracting from #diff --git a/libmspack/trunk/ChangeLog b/libmspack/trunk/ChangeLog #index 97eb31b..a59c779 100644 #--- a/libmspack/trunk/ChangeLog #+++ b/libmspack/trunk/ChangeLog #@@ -9,6 +9,9 @@ # * inflate(): off-by-one error. Distance codes are 0-29, not 0-30. # Thanks to Jakub Wilk again. # #+ * chmd_read_headers(), search_chunk(): another fix for checking name_len #+ is within a chunk, thanks again to Jakub Wilk. #+ # 2015-01-17 Stuart Caie <kyzer@4u.net> # # * GET_UTF8_CHAR(): Remove 5/6-byte encoding support and check decoded #diff --git a/libmspack/trunk/ChangeLog b/libmspack/trunk/ChangeLog #index a59c779..63d88b5 100644 #--- a/libmspack/trunk/ChangeLog #+++ b/libmspack/trunk/ChangeLog #@@ -9,7 +9,7 @@ # * inflate(): off-by-one error. Distance codes are 0-29, not 0-30. # Thanks to Jakub Wilk again. # #- * chmd_read_headers(), search_chunk(): another fix for checking name_len #+ * chmd_read_headers(), search_chunk(): another fix for checking pointer # is within a chunk, thanks again to Jakub Wilk. # # 2015-01-17 Stuart Caie <kyzer@4u.net> diff --git a/libmspack/trunk/ChangeLog b/libmspack/trunk/ChangeLog index 3472950..a7cf6f4 100644 Index: libmspack/mspack/chmd.c =================================================================== --- libmspack.orig/mspack/chmd.c +++ libmspack/mspack/chmd.c @@ -746,7 +746,7 @@ static int search_chunk(struct mschmd_he /* compare filename with entry QR points to */ p = &chunk[entries_off + (M ? EndGetI16(start - (M << 1)) : 0)]; READ_ENCINT(name_len); - if (p + name_len > end) goto chunk_end; + if (name_len > (unsigned int) (end - p)) goto chunk_end; cmp = compare(filename, (char *)p, fname_len, name_len); if (cmp == 0) break; @@ -783,7 +783,7 @@ static int search_chunk(struct mschmd_he *result = NULL; while (num_entries-- > 0) { READ_ENCINT(name_len); - if (p + name_len > end) goto chunk_end; + if (name_len > (unsigned int) (end - p)) goto chunk_end; cmp = compare(filename, (char *)p, fname_len, name_len); p += name_len;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor