libarchive: fix bug929 and CVE-2017-14166

(From OE-Core rev: 9b248a17d60b70cb715f15c0401dc5ddc38eee98) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andrej Valek <andrej.valek@siemens.com> 2017-09-11 16:20:37 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-09-12 23:55:29 +0100
commit: fed25846aca85cc83db0a1cb9f05f4736b8b9287 (patch)
tree: 96932dd6c23dcd75298d0a53bc7ceabfc783ff71 /meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
parent: f44dfe63a49675e51a72ba271771c1c26650cb43 (diff)
download: poky-fed25846aca85cc83db0a1cb9f05f4736b8b9287.tar.gz
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
new file mode 100644
index 0000000000..e85fec40aa
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,37 @@
+libarchive-3.3.2: Fix CVE-2017-14166
+[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935
+archive_read_support_format_xar: heap-based buffer overflow in xml_data
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71]
+CVE: CVE-2017-14166
+Bug: 935
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb..93eeacc 100644
+--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+        uint64_t l;
+        int digit;
+ 
+       if (char_cnt == 0)
+               return (0);
+
+        l = 0;
+        digit = *p - '0';
+        while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+        int64_t l;
+        int digit;
+-        
+
+       if (char_cnt == 0)
+               return (0);
+
+        l = 0;
+        while (char_cnt-- > 0) {
+                if (*p >= '0' && *p <= '7')
author	Andrej Valek <andrej.valek@siemens.com>	2017-09-11 16:20:37 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-09-12 23:55:29 +0100
commit	fed25846aca85cc83db0a1cb9f05f4736b8b9287 (patch)
tree	96932dd6c23dcd75298d0a53bc7ceabfc783ff71 /meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
parent	f44dfe63a49675e51a72ba271771c1c26650cb43 (diff)
download	poky-fed25846aca85cc83db0a1cb9f05f4736b8b9287.tar.gz

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch new file mode 100644 index 0000000000..e85fec40aa --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,37 @@
	1	libarchive-3.3.2: Fix CVE-2017-14166
	2
	3	[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935
	4
	5	archive_read_support_format_xar: heap-based buffer overflow in xml_data
	6
	7	Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71]
	8	CVE: CVE-2017-14166
	9	Bug: 935
	10	Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
	11
	12	diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
	13	index 7a22beb..93eeacc 100644
	14	--- a/libarchive/archive_read_support_format_xar.c
	15	+++ b/libarchive/archive_read_support_format_xar.c
	16	@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
	17	uint64_t l;
	18	int digit;
	19
	20	+ if (char_cnt == 0)
	21	+ return (0);
	22	+
	23	l = 0;
	24	digit = *p - '0';
	25	while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
	26	@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
	27	{
	28	int64_t l;
	29	int digit;
	30	-
	31	+
	32	+ if (char_cnt == 0)
	33	+ return (0);
	34	+
	35	l = 0;
	36	while (char_cnt-- > 0) {
	37	if (p >= '0' && p <= '7')