Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Rings:1-MinimalX
libarchive
CVE-2016-4809.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-4809.patch of Package libarchive
commit fd7e0c02e272913a0a8b6d492c7260dfca0b1408 Author: Tim Kientzle <kientzle@acm.org> Date: Sat May 14 12:37:37 2016 -0700 Reject cpio symlinks that exceed 1MB Index: libarchive-3.1.2/libarchive/archive_read_support_format_cpio.c =================================================================== --- libarchive-3.1.2.orig/libarchive/archive_read_support_format_cpio.c +++ libarchive-3.1.2/libarchive/archive_read_support_format_cpio.c @@ -399,6 +399,11 @@ archive_read_format_cpio_read_header(str /* If this is a symlink, read the link contents. */ if (archive_entry_filetype(entry) == AE_IFLNK) { + if (cpio->entry_bytes_remaining > 1024 * 1024) { + archive_set_error(&a->archive, ENOMEM, + "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte"); + return (ARCHIVE_FATAL); + } h = __archive_read_ahead(a, (size_t)cpio->entry_bytes_remaining, NULL); if (h == NULL)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor