Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Staging:A
libarchive
CVE-2015-8919.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-8919.patch of Package libarchive
commit e8a2e4d2e6b450a239bb8f9d74239fa434bf7d35 Author: Tim Kientzle <kientzle@acm.org> Date: Sat Feb 7 13:32:58 2015 -0800 Issue 402: Failed to recognize empty dir name in lha/lzh file When parsing a directory name, we checked for the name length being zero, but not for the first byte being a null byte. Add a similar check for the file case. Index: libarchive-3.1.2/libarchive/archive_read_support_format_lha.c =================================================================== --- libarchive-3.1.2.orig/libarchive/archive_read_support_format_lha.c +++ libarchive-3.1.2/libarchive/archive_read_support_format_lha.c @@ -1230,13 +1230,15 @@ lha_read_file_extended_header(struct arc archive_string_empty(&lha->filename); break; } + if (extdheader[0] == '\0') + goto invalid; archive_strncpy(&lha->filename, (const char *)extdheader, datasize); break; case EXT_DIRECTORY: - if (datasize == 0) + if (datasize == 0 || extdheader[0] == '\0') /* no directory name data. exit this case. */ - break; + goto invalid; archive_strncpy(&lha->dirname, (const char *)extdheader, datasize);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor