author | Martin Matuska <mm@FreeBSD.org> | 2018-12-13 11:15:14 +0000 |
---|---|---|
committer | Martin Matuska <mm@FreeBSD.org> | 2018-12-13 11:15:14 +0000 |
commit | c6234fa1ee365085418a23124c988baf3d02c2fd (patch) | |
tree | 5d40c1fc0618a98f58bf9d542cae1f09eae0df80 | |
parent | 8f080f5de123dc76bd3025310c312eb06d24e78d (diff) | |
Update vendor/libarchive/dist to git cef97307a3f681fcbb2cc02db6df3619a3f8b69c
Relevant vendor changes:
PR #1105: Fix various crash, memory corruption and infinite loop conditions
Notes
Notes:
svn path=/vendor/libarchive/dist/; revision=342041
-rw-r--r-- | libarchive/archive_acl.c | 5 | ||||
-rw-r--r-- | libarchive/archive_read_support_format_rar.c | 14 | ||||
-rw-r--r-- | libarchive/archive_read_support_format_warc.c | 5 |
3 files changed, 24 insertions, 0 deletions
diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
index 512beee1f734..7beeee86efed 100644
--- a/libarchive/archive_acl.c
+++ b/libarchive/archive_acl.c
@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const char *text,
 st = field[n].start + 1;
 len = field[n].end - field[n].start;
+ if (len == 0) {
+ ret = ARCHIVE_WARN;
+ continue;
+ }
+
 switch (*s) {
 case 'u':
 if (len == 1 || (len == 4
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 234522229e40..a8cc5c94d846 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -258,6 +258,7 @@ struct rar
 struct data_block_offsets *dbo;
 unsigned int cursor;
 unsigned int nodes;
+ char filename_must_match;
 /* LZSS members */
 struct huffman_code maincode;
@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
 }
 return ret;
 }
+ else if (rar->filename_must_match)
+ {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Mismatch of file parts split across multi-volume archive");
+ return (ARCHIVE_FATAL);
+ }
 rar->filename_save = (char*)realloc(rar->filename_save,
 filename_size + 1);
@@ -2300,6 +2307,11 @@ parse_codes(struct archive_read *a)
 new_size = DICTIONARY_MAX_SIZE;
 else
 new_size = rar_fls((unsigned int)rar->unp_size) << 1;
+ if (new_size == 0) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Zero window size is invalid.");
+ return (ARCHIVE_FATAL);
+ }
 new_window = realloc(rar->lzss.window, new_size);
 if (new_window == NULL) {
 archive_set_error(&a->archive, ENOMEM,
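Review bot: The new `len == 0` guard in archive_acl_from_text_l (archive_acl.c) has no comment saying why an empty field is skipped, and the reason is not obvious from the hunk. With a zero-length field, the `switch (*s)` dispatch and the `len == 1 || (len == 4 ...` tests that follow would run on a field with no characters; `s` is assigned outside the hunk, so presumably it is `field[n].start`. I would add `/* Empty tag field: nothing to dispatch on, warn and skip this entry. */` above the check. The loop lies outside the hunk, so it is worth confirming that `continue` does not skip per-entry bookkeeping done at the bottom of the loop body.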
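Review bot: In read_header (archive_read_support_format_rar.c), the context line right after the new `else if` branch stores the result of `realloc` straight back into `rar->filename_save`, so a failed allocation loses the old buffer and leaves NULL in the struct. Whether the result is checked is not visible because the function continues outside the hunk; if it is not, go through a temporary: `char *p = realloc(rar->filename_save, filename_size + 1);`, then `if (p == NULL) return (ARCHIVE_FATAL);` (with an ENOMEM error set as parse_codes does), then `rar->filename_save = p;`. The new branch would also benefit from a comment such as `/* A continuation volume must name the same file as the entry being read. */`, since the `if` it pairs with is outside the hunk.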
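Review bot: The zero-size guard in parse_codes (archive_read_support_format_rar.c) should say why zero is dangerous, because the error text alone does not. `realloc(rar->lzss.window, 0)` has implementation-defined behaviour and may free the window and return NULL; the `new_window == NULL` branch below would then report ENOMEM while `rar->lzss.window` may still hold the released pointer, unless that branch, which continues outside the hunk, clears it. Proposed comment: `/* realloc(p, 0) may free p and return NULL; never pass a zero window size. */`. `new_size` is computed from `(unsigned int)rar->unp_size`, which appears to come from the archive header, so the narrowing cast and the `<< 1` deserve a range check of their own; the declarations are not visible here.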
@@ -2928,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
 else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
 rar->file_flags & FHD_SPLIT_AFTER)
 {
+ rar->filename_must_match = 1;
 ret = archive_read_format_rar_read_header(a, a->entry);
 if (ret == (ARCHIVE_EOF))
 {
 rar->has_endarc_header = 1;
 ret = archive_read_format_rar_read_header(a, a->entry);
 }
+ rar->filename_must_match = 0;
 if (ret != (ARCHIVE_OK))
 return NULL;
 return rar_read_ahead(a, min, avail);
diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
index e8753853f3c8..e8fc8428b41e 100644
--- a/libarchive/archive_read_support_format_warc.c
+++ b/libarchive/archive_read_support_format_warc.c
@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off)
 return (ARCHIVE_EOF);
 }
+ if (w->unconsumed) {
+ __archive_read_consume(a, w->unconsumed);
+ w->unconsumed = 0U;
+ }
+
 rab = __archive_read_ahead(a, 1U, &nrd);
 if (nrd < 0) {
 *bsz = 0U; |
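Review bot: `filename_must_match` acts in rar_read_ahead as a hidden argument to the header reader, and neither the two assignments here nor the member added to `struct rar` in this file's first hunk carries a comment. I would put `/* The next header continues the current entry: read_header must reject a different file name. */` at the `= 1` line and `/* set while reading a continuation volume header */` on the member. The reset to 0 runs before `ret` is tested, so the flag is cleared on the error path too; that ordering is correct and should be preserved if the block is restructured. The enclosing function starts and ends outside the hunk.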
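Review bot: The return value of `__archive_read_consume(a, w->unconsumed)` is discarded in the block added to _warc_read (archive_read_support_format_warc.c), so a failed consume is followed by `w->unconsumed = 0U` and a read-ahead as if the bytes had been skipped. Check it before clearing the counter: `if (__archive_read_consume(a, w->unconsumed) < 0) return (ARCHIVE_FATAL);`. A comment such as `/* Release bytes still pending from the previous call before reading ahead. */` would record why the block exists, presumably so that a pending count cannot make the reader revisit the same data. _warc_read continues outside the hunk.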