Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/p7zip/patches/CVE-2016-2334.patch
author Craig Mohrman <craig.mohrman@oracle.com>
Thu, 04 Aug 2016 08:26:36 -0700
changeset 6548 24913c16931e
parent 6131 10e69396d753
permissions -rw-r--r--
PSARC/2016/303 enable rsyslog as default Solaris logger 24362425 rsyslog should degrade service if syslog.conf has been modified

This patch was pulled from the p7zip forums at:

https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/1dba/attachment/CVE-2016-2334.patch

This should be part of p7zip 16, once it ships.

Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
===================================================================
--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
+++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
       item.GroupID = Get32(r + 0x24);
       item.AdminFlags = r[0x28];
       item.OwnerFlags = r[0x29];
+      */
       item.FileMode = Get16(r + 0x2A);
+      /*
       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
       item.FileType = Get32(r + 0x30);
       item.FileCreator = Get32(r + 0x34);
@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
 
     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
 
+    if (size > buf.Size() || size > kCompressionBlockSize + 1)
+        return S_FALSE;
+
     RINOK(ReadStream_FALSE(inStream, buf, size));
 
     if ((buf[0] & 0xF) == 0xF)
upstream/oracle/userland-gate