author: Raphael Kubo da Costa <rakuco@FreeBSD.org> 2016-07-15 11:25:07 +0000
committer: Raphael Kubo da Costa <rakuco@FreeBSD.org> 2016-07-15 11:25:07 +0000
commit: f8420dd1b47020e52a2c77cb48809ae3d4ddf63b (patch)
tree: 41131e359b8821147ee1022b27a2e478dc1f016b /archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
parent: 391c843c6c5231bafe3bb141737be260b7c61d12 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp b/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
new file mode 100644
index 000000000000..2ff5cd79e848
--- /dev/null
+++ b/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
@@ -0,0 +1,25 @@
+Patch for CVE-2016-2334.
+
+Obtained from: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+--- CPP/7zip/Archive/HfsHandler.cpp.orig	Fri Jun 19 06:52:08 2015
++++ CPP/7zip/Archive/HfsHandler.cpp	Mon May 23 20:37:42 2016
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
++      */
+       item.FileMode = Get16(r + 0x2A);
++      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
+@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile(
+       blockSize = (UInt32)rem;
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
++
++    if (size > buf.Size() || size > kCompressionBlockSize + 1)
++        return S_FALSE;
+ 
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+
author	Raphael Kubo da Costa <rakuco@FreeBSD.org>	2016-07-15 11:25:07 +0000
committer	Raphael Kubo da Costa <rakuco@FreeBSD.org>	2016-07-15 11:25:07 +0000
commit	f8420dd1b47020e52a2c77cb48809ae3d4ddf63b (patch)
tree	41131e359b8821147ee1022b27a2e478dc1f016b /archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
parent	391c843c6c5231bafe3bb141737be260b7c61d12 (diff)