db41b7577d
Upstream has a few more CVEs but didn't make a new release yet.
In the meantime we patch what we can
Fixes:
- CVE-2017-8842
- CVE-2017-8844
- CVE-2017-8845
- CVE-2018-5650
The CVEs left remaining to be fixed by upstream are
( Removed CVE- prefix as to not confuse tools that grep for those
values)
CVE: 2017-8843 SEVERITY: 4.3
CVE: 2017-8846 SEVERITY: 4.3
CVE: 2017-8847 SEVERITY: 4.3
CVE: 2017-9928 SEVERITY: 4.3
CVE: 2017-9929 SEVERITY: 4.3
CVE: 2018-11496 SEVERITY: 4.3
CVE: 2018-5747 SEVERITY: 4.3
24 lines
730 B
Diff
24 lines
730 B
Diff
From 50cfb3b9f68c7458822795e8b87a07dc06b39816 Mon Sep 17 00:00:00 2001
|
|
From: Con Kolivas <kernel@kolivas.org>
|
|
Date: Wed, 16 May 2018 19:26:15 +1000
|
|
Subject: [PATCH] Prevent infinite loop from crafted/corrupt archive in
|
|
unzip_match.
|
|
|
|
---
|
|
runzip.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/runzip.c b/runzip.c
|
|
index 667ae05..44e886d 100644
|
|
--- a/runzip.c
|
|
+++ b/runzip.c
|
|
@@ -219,6 +219,8 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,
|
|
|
|
while (len) {
|
|
n = MIN(len, offset);
|
|
+ if (unlikely(n < 1))
|
|
+ fatal_return(("Failed fd history in unzip_match due to corrupt archive\n"), -1);
|
|
|
|
if (unlikely(read_fdhist(control, off_buf, (size_t)n) != (ssize_t)n)) {
|
|
dealloc(buf);
|
|
|