| author | Petr Sumbera <petr.sumbera@oracle.com> |
| Thu, 19 Jan 2017 08:24:53 -0800 | |
| changeset 7600 | b08206e584c3 |
| parent 6131 | 10e69396d753 |
| permissions | -rw-r--r-- |
|
6131
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
1 |
This patch was pulled from the p7zip forums at: |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
2 |
|
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
3 |
https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/1dba/attachment/CVE-2016-2335.patch |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
4 |
|
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
5 |
This should be part of p7zip 16, once it ships. |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
6 |
|
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
7 |
Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
8 |
=================================================================== |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
9 |
--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
10 |
+++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
11 |
@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
12 |
return S_FALSE; |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
13 |
CFile &file = Files.Back(); |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
14 |
const CLogVol &vol = LogVols[volIndex]; |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
15 |
- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
16 |
+ unsigned partitionRef = lad.Location.PartitionRef; |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
17 |
+ |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
18 |
+ if (partitionRef >= vol.PartitionMaps.Size()) |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
19 |
+ return S_FALSE; |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
20 |
+ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
21 |
|
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
22 |
UInt32 key = lad.Location.Pos; |
|
10e69396d753
23313908 problem in UTILITY/P7ZIP
Danek Duvall <danek.duvall@oracle.com>
parents:
diff
changeset
|
23 |
UInt32 value; |