Gentoo Archives: gentoo-commits

From: "Samuli Suominen (ssuominen)" <ssuominen@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-arch/libarchive/files: libarchive-3.1.2-CVE-2013-0211.patch
Date: Sat, 30 Mar 2013 15:19:22
Message-Id: 20130330151918.155202171E@flycatcher.gentoo.org
1 ssuominen 13/03/30 15:19:18
2
3 Added: libarchive-3.1.2-CVE-2013-0211.patch
4 Log:
5 Backport upstream patch for CVE-2013-0211 wrt security #463632 by Agostino Sarubbo
6
7 (Portage version: 2.2.0_alpha169/cvs/Linux x86_64, signed Manifest commit with key 4868F14D)
8
9 Revision Changes Path
10 1.1 app-arch/libarchive/files/libarchive-3.1.2-CVE-2013-0211.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-arch/libarchive/files/libarchive-3.1.2-CVE-2013-0211.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-arch/libarchive/files/libarchive-3.1.2-CVE-2013-0211.patch?rev=1.1&content-type=text/plain
14
15 Index: libarchive-3.1.2-CVE-2013-0211.patch
16 ===================================================================
17 From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001
18 From: Tim Kientzle <kientzle@×××.org>
19 Date: Fri, 22 Mar 2013 23:48:41 -0700
20 Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a
21 certain common programming error (passing -1 to write) from leading to other
22 problems deeper in the library.
23
24 ---
25 libarchive/archive_write.c | 5 +++++
26 1 file changed, 5 insertions(+)
27
28 diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
29 index eede5e0..be85621 100644
30 --- a/libarchive/archive_write.c
31 +++ b/libarchive/archive_write.c
32 @@ -673,8 +673,13 @@ static ssize_t
33 _archive_write_data(struct archive *_a, const void *buff, size_t s)
34 {
35 struct archive_write *a = (struct archive_write *)_a;
36 + const size_t max_write = INT_MAX;
37 +
38 archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
39 ARCHIVE_STATE_DATA, "archive_write_data");
40 + /* In particular, this catches attempts to pass negative values. */
41 + if (s > max_write)
42 + s = max_write;
43 archive_clear_error(&a->archive);
44 return ((a->format_write_data)(a, buff, s));
45 }
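Review bot: The clamp `if (s > max_write) s = max_write;` shrinks a bad length instead of rejecting it. Because `s` is a `size_t`, a caller that passed -1 arrives here with a very large value, and after the clamp `format_write_data` is still asked to consume INT_MAX bytes starting at `buff`, which is likely far more than a caller making that mistake has allocated. If the goal is to catch that programming error, as the new comment says, consider failing the call with an error return rather than proceeding with a truncated length. If the clamp stays, document that a request larger than INT_MAX now results in a short write, so legitimate callers know to loop on the returned count. The comment wording "negative values" is also imprecise, since a `size_t` cannot hold one; something like "values that were negative before conversion to size_t" would be more accurate. Last, the hunk uses INT_MAX but adds no include (the diffstat shows only these 5 insertions), so confirm `<limits.h>` is already pulled in by archive_write.c.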
46 --
47 1.8.1