author Jason Unovitch <junovitch@FreeBSD.org> 2016-01-18 23:51:27 +0000
committer Jason Unovitch <junovitch@FreeBSD.org> 2016-01-18 23:51:27 +0000
commit 46aae99570886dc311e142f7af9ba155c8bbf753 (patch)
tree a55f1ee7c373caa6463cf5930ef2775b8ce4cfbd /archivers/libarchive/files/patch-cpio3-24f5de6
parent Document several vulnerabilities in libarchive (diff)
archivers/libarchive: apply patches for multiple security vulnerabilities

- Add patch for denial of service via unspecified vectors [1]
- Add patch for directory traversal via absolute paths [2]
- Add patch for crash/infinite loop on malformed CPIO archives (base r282932) [3]

PR: 200176 [3]
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: maintainer timeout (glewis, 8 months)
Obtained from: https://github.com/libarchive/libarchive
Commits 2253154 [1], 5935715 [2], 3865cf2, e6c9668, 24f5de6 [3]
Security: CVE-2013-0211 [1]
Security: CVE-2015-2304 [2]
Security: https://vuxml.FreeBSD.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html
MFH: 2016Q1
Notes: svn path=/head/; revision=406624
Diffstat (limited to '')
-rw-r--r-- archivers/libarchive/files/patch-cpio3-24f5de6 40
1 files changed, 40 insertions, 0 deletions
diff --git a/archivers/libarchive/files/patch-cpio3-24f5de6 b/archivers/libarchive/files/patch-cpio3-24f5de6
new file mode 100644
index 000000000000..97737cfe89b1
--- /dev/null
+++ b/archivers/libarchive/files/patch-cpio3-24f5de6
@@ -0,0 +1,40 @@
+commit 24f5de6560f31a67bfdf5ddec367e70ecfa9e440
+Author: Tim Kientzle <kientzle@acm.org>
+Date: Fri Feb 6 22:07:16 2015 -0800
+
+ Set a proper error message if we hit end-of-file when
+ trying to read a cpio header.
+
+ Suggested by Issue #395, although the actual problem there
+ seems to have been the same as Issue #394.
+
+diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
+index e7b3d0c..c2ca85b 100644
+--- libarchive/archive_read_support_format_cpio.c
++++ libarchive/archive_read_support_format_cpio.c
+@@ -866,8 +866,11 @@ header_bin_le(struct archive_read *a, struct cpio *cpio,
+
+ /* Read fixed-size portion of header. */
+ h = __archive_read_ahead(a, bin_header_size, NULL);
+- if (h == NULL)
++ if (h == NULL) {
++ archive_set_error(&a->archive, 0,
++ "End of file trying to read next cpio header");
+ return (ARCHIVE_FATAL);
++ }
+
+ /* Parse out binary fields. */
+ header = (const unsigned char *)h;
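Review bot: The archive_set_error() call added in header_bin_le passes 0 as the error code, so a caller that inspects archive_errno() after the ARCHIVE_FATAL return gets no indication that the failure was a truncated or malformed archive. Consider passing ARCHIVE_ERRNO_FILE_FORMAT instead of 0. Note also that control flow is unchanged here: the NULL case already returned ARCHIVE_FATAL before this change, so this hunk improves diagnostics only and does not by itself alter how a short read is handled.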
+@@ -902,8 +905,11 @@ header_bin_be(struct archive_read *a, struct cpio *cpio,
+
+ /* Read fixed-size portion of header. */
+ h = __archive_read_ahead(a, bin_header_size, NULL);
+- if (h == NULL)
++ if (h == NULL) {
++ archive_set_error(&a->archive, 0,
++ "End of file trying to read next cpio header");
+ return (ARCHIVE_FATAL);
++ }
+
+ /* Parse out binary fields. */
+ header = (const unsigned char *)h;
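Review bot: The block added in header_bin_be is an exact copy of the one in header_bin_le, message string included, so the resulting error does not say which binary header variant was being parsed. Either name the variant in each message or factor the read-ahead plus NULL check into one shared helper so the two paths cannot drift apart. Only these two functions are touched by the patch; it is worth confirming that any other header reader in archive_read_support_format_cpio.c that returns ARCHIVE_FATAL on a NULL __archive_read_ahead() result also sets an error before returning.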