/[smecontribs]/rpms/libarchive/contribs9/libarchive-2.8.3-CVE-2016-5844.patch
ViewVC logotype

Annotation of /rpms/libarchive/contribs9/libarchive-2.8.3-CVE-2016-5844.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sun Apr 8 03:27:37 2018 UTC (6 years, 7 months ago) by jpp
Branch: MAIN
CVS Tags: libarchive-2_8_5-1_el6_sme, libarchive-2_8_5-0_el6_sme, HEAD
sources

1 jpp 1.1 From cdd485bc519e09aeadc138a6a3002b10bf47c12c Mon Sep 17 00:00:00 2001
2     From: Tim Kientzle <kientzle@acm.org>
3     Date: Sun, 19 Jun 2016 14:34:37 -0700
4     Subject: [PATCH] Issue 717: Fix integer overflow when computing location of
5     volume descriptor
6    
7     The multiplication here defaulted to 'int' but calculations
8     of file positions should always use int64_t. A simple cast
9     suffices to fix this since the base location is always 32 bits
10     for ISO, so multiplying by the sector size will never overflow
11     a 64-bit integer.
12     ---
13     libarchive/archive_read_support_format_iso9660.c | 4 ++--
14     1 file changed, 2 insertions(+), 2 deletions(-)
15    
16     diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
17     index fac2404..4ed3935 100644
18     --- a/libarchive/archive_read_support_format_iso9660.c
19     +++ b/libarchive/archive_read_support_format_iso9660.c
20     @@ -1143,7 +1143,7 @@ archive_read_format_iso9660_read_header(struct archive_read *a,
21     /* This condition is unlikely; by way of caution. */
22     vd = &(iso9660->joliet);
23    
24     - skipsize = LOGICAL_BLOCK_SIZE * vd->location;
25     + skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location;
26     skipsize = __archive_read_skip(a, skipsize);
27     if (skipsize < 0)
28     return ((int)skipsize);
29     @@ -1180,7 +1180,7 @@ archive_read_format_iso9660_read_header(struct archive_read *a,
30     && iso9660->seenJoliet) {
31     /* Switch reading data from primary to joliet. */
32     vd = &(iso9660->joliet);
33     - skipsize = LOGICAL_BLOCK_SIZE * vd->location;
34     + skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location;
35     skipsize -= iso9660->current_position;
36     skipsize = __archive_read_skip(a, skipsize);
37     if (skipsize < 0)
38     --
39     2.7.4
40    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed