Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
libgit2
libgit2-delta-overflow-checks.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgit2-delta-overflow-checks.patch of Package libgit2
From 47ea1f58d33601c49e2797db259166c407e59956 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt <ps@pks.im> Date: Thu, 5 Jul 2018 13:30:46 +0200 Subject: [PATCH] delta: fix overflow when computing limit When checking whether a delta base offset and length fit into the base we have in memory already, we can trigger an overflow which breaks the check. This would subsequently result in us reading memory from out of bounds of the base. The issue is easily fixed by checking for overflow when adding `off` and `len`, thus guaranteeting that we are never indexing beyond `base_len`. This corresponds to the git patch 8960844a7 (check patch_delta bounds more carefully, 2006-04-07), which adds these overflow checks. Reported-by: Riccardo Schirone <rschiron@redhat.com> Backported by Mike Gorse <mgorse@suse.com> --- diff -urp libgit2-0.24.1.orig/src/delta-apply.c libgit2-0.24.1/src/delta-apply.c --- libgit2-0.24.1.orig/src/delta-apply.c 2018-08-02 12:05:22.077950970 -0500 +++ libgit2-0.24.1/src/delta-apply.c 2018-08-02 12:05:32.790007042 -0500 @@ -87,7 +87,7 @@ int git__delta_apply( unsigned char cmd = *delta++; if (cmd & 0x80) { /* cmd is a copy instruction; copy from the base. */ - size_t off = 0, len = 0; + size_t off = 0, len = 0, end; #define ADD_DELTA(o, shift) { if (delta < delta_end) (o) |= ((unsigned) *delta++ << shift); else goto fail; } if (cmd & 0x01) ADD_DELTA(off, 0UL); @@ -101,8 +101,10 @@ int git__delta_apply( if (!len) len = 0x10000; #undef ADD_DELTA - if (base_len < off + len || res_sz < len) + if (GIT_ADD_SIZET_OVERFLOW(&end, off, len) || + base_len < end || res_sz < len) goto fail; + memcpy(res_dp, base + off, len); res_dp += len; res_sz -= len;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor