equal
deleted
inserted
replaced
|
1 This patch was pulled from the p7zip forums at: |
|
2 |
|
3 https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/1dba/attachment/CVE-2016-2334.patch |
|
4 |
|
5 This should be part of p7zip 16, once it ships. |
|
6 |
|
7 Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp |
|
8 =================================================================== |
|
9 --- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp |
|
10 +++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp |
|
11 @@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo |
|
12 item.GroupID = Get32(r + 0x24); |
|
13 item.AdminFlags = r[0x28]; |
|
14 item.OwnerFlags = r[0x29]; |
|
15 + */ |
|
16 item.FileMode = Get16(r + 0x2A); |
|
17 + /* |
|
18 item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount |
|
19 item.FileType = Get32(r + 0x30); |
|
20 item.FileCreator = Get32(r + 0x34); |
|
21 @@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( |
|
22 |
|
23 UInt32 size = GetUi32(tableBuf + i * 8 + 4); |
|
24 |
|
25 + if (size > buf.Size() || size > kCompressionBlockSize + 1) |
|
26 + return S_FALSE; |
|
27 + |
|
28 RINOK(ReadStream_FALSE(inStream, buf, size)); |
|
29 |
|
30 if ((buf[0] & 0xF) == 0xF) |