Diffstat (limited to 'meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch | 37 |
1 files changed, 37 insertions, 0 deletions
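--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,37 @@
+libarchive-3.3.2: Fix CVE-2017-14166
+
+[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935
+
+archive_read_support_format_xar: heap-based buffer overflow in xml_data
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71]
+CVE: CVE-2017-14166
+Bug: 935
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb..93eeacc 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+uint64_t l;
+int digit;
+
++ if (char_cnt == 0)
++ return (0);
++
+l = 0;
+digit = *p - '0';
+while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+{
+int64_t l;
+int digit;
+-
++
++ if (char_cnt == 0)
++ return (0);
++
+l = 0;
+while (char_cnt-- > 0) {
+if (*p >= '0' && *p <= '7')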
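Review bot: The loop condition kept at the end of the atol10 hunk, `while (digit >= 0 && digit < 10 && char_cnt-- > 0)`, still evaluates `digit` before it checks the remaining count, so the new `if (char_cnt == 0) return (0);` guard only closes the empty-field case of the unconditional `digit = *p - '0';` read. If the loop body (outside the hunk) refreshes `digit` from the following byte before that test, the byte at `p[char_cnt]` is still read once after the last counted character; reordering to `while (char_cnt-- > 0 && digit >= 0 && digit < 10) {` would bound every read to the counted range, but since this is a backport of the upstream commit the body should be checked before diverging from it. The atol8 hunk does not have this issue because its loop tests `char_cnt-- > 0` first. Both atol10 and atol8 start and end outside their hunks, and the recipe change that adds this patch to SRC_URI is outside this diffstat.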