[alpine-aports] [PATCH edge] main/libarchive: security fixes #6790

Details
Message ID: <20170201090929.12636-1-sergej.lukin@gmail.com>
Sender timestamp: 1485940169 (2017-02-01 09:09:29 UTC)
DKIM signature: missing
Patch: +37 -5
CVE-2017-5601: Out of bounds read in lha_read_file_header_1() function
---
 main/libarchive/APKBUILD            | 21 ++++++++++++++++-----
 main/libarchive/CVE-2017-5601.patch | 21 +++++++++++++++++++++
 2 files changed, 37 insertions(+), 5 deletions(-)
 create mode 100644 main/libarchive/CVE-2017-5601.patch

diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index 69191829b5..d976f795ab 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -1,7 +1,8 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libarchive
pkgver=3.2.2
pkgrel=0
pkgrel=1
pkgdesc="library that can create and read several streaming archive formats"
url="http://libarchive.org/"
arch="all"
@@ -10,7 +11,14 @@ depends=""
depends_dev="zlib-dev bzip2-dev xz-dev acl-dev libressl-dev expat-dev"
makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz"
source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
	CVE-2017-5601.patch
	"

# secfixes:
#   3.2.2-r1:
#   - CVE-2017-5601.patch

builddir="$srcdir/$pkgname-$pkgver"

build () {
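Review bot: the secfixes entry under `3.2.2-r1:` names the patch file instead of the CVE; Alpine's `# secfixes:` comment is machine-read to build the security database and expects CVE identifiers, so the line should read `#     - CVE-2017-5601` without the `.patch` suffix. The `source=` addition matches the new file added later in this series, so the rest of the hunk is fine.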
@@ -36,6 +44,9 @@ tools() {
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

md5sums="1ec00b7dcaf969dd2a5712f85f23c764  libarchive-3.2.2.tar.gz"
sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f  libarchive-3.2.2.tar.gz"
sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7  libarchive-3.2.2.tar.gz"
md5sums="1ec00b7dcaf969dd2a5712f85f23c764  libarchive-3.2.2.tar.gz
165d8eb95d6083dfd3e8f2453a644497  CVE-2017-5601.patch"
sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f  libarchive-3.2.2.tar.gz
572abfaf0e252f855a500bfc17eb711f26be6e94133a8e3bbf929e49b0450533  CVE-2017-5601.patch"
sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7  libarchive-3.2.2.tar.gz
c450b0a9eb952b292d3749acd7041b59a0fa72b8f5a284ceaab6665a95336a5b39182addd59628661caf911a6461726ebe1c85c7d39b7d9da84ed6f736ef3e6e  CVE-2017-5601.patch"
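Review bot: all three checksum sets now cover CVE-2017-5601.patch byte-for-byte, so any later touch to that file (including trimming the upstream commit header or the trailing `2.11.0` git version line from the patch) breaks `abuild verify` until `abuild checksum` is re-run; please regenerate rather than hand-edit if the patch changes during review. Style point: once a sha512sums entry is present the md5sums and sha256sums sets add no verification strength, so this could be trimmed to sha512sums only.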
diff --git a/main/libarchive/CVE-2017-5601.patch b/main/libarchive/CVE-2017-5601.patch
new file mode 100644
index 0000000000..4103c2a02e
--- /dev/null
+++ b/main/libarchive/CVE-2017-5601.patch
@@ -0,0 +1,21 @@
commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
Author: Martin Matuska <martin@matuska.org>
Date:   Thu Jan 19 22:00:18 2017 +0100

    Fail with negative lha->compsize in lha_read_file_header_1()
    Fixes a heap buffer overflow reported in Secunia SA74169

diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
index 52a5531b..d77a7c2e 100644
--- a/libarchive/archive_read_support_format_lha.c
+++ b/libarchive/archive_read_support_format_lha.c
@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
 	/* Get a real compressed file size. */
 	lha->compsize -= extdsize - 2;
 
+	if (lha->compsize < 0)
+		goto invalid;	/* Invalid compressed file size */
+
 	if (sum_calculated != headersum) {
 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
 		    "LHa header sum error");
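Review bot: the new `if (lha->compsize < 0) goto invalid;` only catches the bad size if `lha->compsize` is a signed type and an `invalid` label exists later in lha_read_file_header_1(); neither is visible in this hunk, so confirm both against the 3.2.2 source before applying (with an unsigned compsize the subtraction would wrap to a large positive value and this check would never fire). Also, the backported commit message says "heap buffer overflow" while the series subject and CVE text say "out of bounds read"; keep the secfixes wording consistent with the CVE description.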
-- 
2.11.0



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---