Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 459882 Details for
Bug 572418
<app-arch/lha-114i_p20201004: Buffer Overflow in lha compression utility
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
lha-114i-fix-CVE-2016-1925.patch
lha-114i-fix-CVE-2016-1925.patch (text/plain), 2.24 KB, created by
Paolo Pedroni
on 2017-01-13 15:51:05 UTC
(
hide
)
Description:
lha-114i-fix-CVE-2016-1925.patch
Filename:
MIME Type:
Creator:
Paolo Pedroni
Created:
2017-01-13 15:51:05 UTC
Size:
2.24 KB
patch
obsolete
>From bf2471f59ecc1aa45645d967bc9fa0efa3de3556 Mon Sep 17 00:00:00 2001 >From: Koji Arai <jca02266@gmail.com> >Date: Sat, 16 Jan 2016 21:28:44 +0900 >Subject: [PATCH] Avoid the buffer overflow BUG to occur to read the level0 or > level1 header > >--- > src/header.c | 22 ++++++++++++++++++---- > 1 file changed, 18 insertions(+), 4 deletions(-) > >diff --git a/src/header.c b/src/header.c >index ca0d037..516ab5d 100644 >--- a/src/header.c >+++ b/src/header.c >@@ -788,6 +788,7 @@ get_header_level0(fp, hdr, data) > char *data; > { > size_t header_size; >+ ssize_t remain_size; > ssize_t extend_size; > int checksum; > int name_length; >@@ -797,8 +798,14 @@ get_header_level0(fp, hdr, data) > hdr->header_size = header_size = get_byte(); > checksum = get_byte(); > >- if (fread(data + COMMON_HEADER_SIZE, >- header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) { >+ /* The data variable has been already read as COMMON_HEADER_SIZE bytes. >+ So we must read the remaining header size by the header_size. */ >+ remain_size = header_size + 2 - COMMON_HEADER_SIZE; >+ if (remain_size <= 0) { >+ error("Invalid header size (LHarc file ?)"); >+ return FALSE; >+ } >+ if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) { > error("Invalid header (LHarc file ?)"); > return FALSE; /* finish */ > } >@@ -904,6 +911,7 @@ get_header_level1(fp, hdr, data) > char *data; > { > size_t header_size; >+ ssize_t remain_size; > ssize_t extend_size; > int checksum; > int name_length; >@@ -913,8 +921,14 @@ get_header_level1(fp, hdr, data) > hdr->header_size = header_size = get_byte(); > checksum = get_byte(); > >- if (fread(data + COMMON_HEADER_SIZE, >- header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) { >+ /* The data variable has been already read as COMMON_HEADER_SIZE bytes. >+ So we must read the remaining header size by the header_size. */ >+ remain_size = header_size + 2 - COMMON_HEADER_SIZE; >+ if (remain_size <= 0) { >+ error("Invalid header size (LHarc file ?)"); >+ return FALSE; >+ } >+ if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) { > error("Invalid header (LHarc file ?)"); > return FALSE; /* finish */ > } >-- >2.1.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=459882">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 572418
: 459882 |
590626
|
590628
|
590630
|
590844
