ssuominen 13/03/30 15:19:18 |
|
Added: libarchive-3.1.2-CVE-2013-0211.patch |
Log: |
Backport upstream patch for CVE-2013-0211 wrt security #463632 by Agostino Sarubbo |
|
(Portage version: 2.2.0_alpha169/cvs/Linux x86_64, signed Manifest commit with key 4868F14D) |
|
Revision Changes Path |
1.1 app-arch/libarchive/files/libarchive-3.1.2-CVE-2013-0211.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-arch/libarchive/files/libarchive-3.1.2-CVE-2013-0211.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-arch/libarchive/files/libarchive-3.1.2-CVE-2013-0211.patch?rev=1.1&content-type=text/plain |
|
Index: libarchive-3.1.2-CVE-2013-0211.patch |
=================================================================== |
From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001 |
From: Tim Kientzle <kientzle@×××.org> |
Date: Fri, 22 Mar 2013 23:48:41 -0700 |
Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a |
certain common programming error (passing -1 to write) from leading to other |
problems deeper in the library. |
|
--- |
libarchive/archive_write.c | 5 +++++ |
1 file changed, 5 insertions(+) |
|
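diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
index eede5e0..be85621 100644
--- a/libarchive/archive_write.c
+++ b/libarchive/archive_write.c
@@ -673,8 +673,13 @@ static ssize_t
 _archive_write_data(struct archive *_a, const void *buff, size_t s)
 {
 struct archive_write *a = (struct archive_write *)_a;
+ const size_t max_write = INT_MAX;
+
 archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
 ARCHIVE_STATE_DATA, "archive_write_data");
+ /* In particular, this catches attempts to pass negative values. */
+ if (s > max_write)
+ s = max_write;
 archive_clear_error(&a->archive);
 return ((a->format_write_data)(a, buff, s));
 }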
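Review bot: The clamp at `if (s > max_write) s = max_write;` truncates an oversized length rather than rejecting it, so a caller that passed -1 (seen here as a huge size_t) still has up to INT_MAX bytes read from `buff` and gets a short count back instead of an error. The existing comment says this "catches" negative values, which overstates the effect; I would reword it to `/* Clamp to INT_MAX: a wrapped negative length is truncated, not rejected, and the caller sees a short write. */`, or return an error for that case if upstream intends one. `INT_MAX` needs `<limits.h>`, and since all five insertions are in this hunk the include is presumably already present in archive_write.c, which is worth confirming. The function's `static ssize_t` line sits in the hunk header, outside the hunk body.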
-- |
1.8.1 |