Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/p7zip/patches/CVE-2016-2334.patch
author Lukas Rovensky <Lukas.Rovensky@oracle.com>
Wed, 27 Jul 2016 11:32:28 -0700
branchs11u3-sru
changeset 6734 ea93ede4968e
permissions -rw-r--r--
23313908 problem in UTILITY/P7ZIP 23313942 problem in UTILITY/P7ZIP 22288416 p7zip 15.14.1 19581879 p7zip 64-bit and ASLR

This patch was pulled from the p7zip forums at:

https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/1dba/attachment/CVE-2016-2334.patch

This should be part of p7zip 16, once it ships.

Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
===================================================================
--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
+++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
       item.GroupID = Get32(r + 0x24);
       item.AdminFlags = r[0x28];
       item.OwnerFlags = r[0x29];
+      */
       item.FileMode = Get16(r + 0x2A);
+      /*
       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
       item.FileType = Get32(r + 0x30);
       item.FileCreator = Get32(r + 0x34);
@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
 
     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
 
+    if (size > buf.Size() || size > kCompressionBlockSize + 1)
+        return S_FALSE;
+
     RINOK(ReadStream_FALSE(inStream, buf, size));
 
     if ((buf[0] & 0xF) == 0xF)
upstream/oracle/userland-gate