File CVE-2016-4302.patch of Package libarchive

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-4302.patch of Package libarchive

commit 05caadc7eedbef471ac9610809ba683f0c698700
Author: Tim Kientzle <kientzle@acm.org>
Date:   Sun Jun 19 14:21:42 2016 -0700

Issue 719:  Fix for TALOS-CAN-154
    
    A RAR file with an invalid zero dictionary size was not being
    rejected, leading to a zero-sized allocation for the dictionary
    storage which was then overwritten during the dictionary initialization.
    
    Thanks to the Open Source and Threat Intelligence project at Cisco for
    reporting this.

Index: libarchive-3.1.2/libarchive/archive_read_support_format_rar.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_read_support_format_rar.c
+++ libarchive-3.1.2/libarchive/archive_read_support_format_rar.c
@@ -2049,6 +2049,12 @@ parse_codes(struct archive_read *a)
       rar->range_dec.Stream = &rar->bytein;
       __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context);
 
+      if (rar->dictionary_size == 0) {
+	      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+                          "Invalid zero dictionary size");
+	      return (ARCHIVE_FATAL);
+      }
+
       if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context,
         rar->dictionary_size, &g_szalloc))
       {

Places

File CVE-2016-4302.patch of Package libarchive

Places