Line 0
Link Here
|
|
|
1 |
CVE-2016-2334 |
2 |
|
3 |
--- CPP/7zip/Archive/HfsHandler.cpp.orig Fri Jun 19 06:52:08 2015 |
4 |
+++ CPP/7zip/Archive/HfsHandler.cpp Mon May 23 20:37:42 2016 |
5 |
@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons |
6 |
item.GroupID = Get32(r + 0x24); |
7 |
item.AdminFlags = r[0x28]; |
8 |
item.OwnerFlags = r[0x29]; |
9 |
+ */ |
10 |
item.FileMode = Get16(r + 0x2A); |
11 |
+ /* |
12 |
item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount |
13 |
item.FileType = Get32(r + 0x30); |
14 |
item.FileCreator = Get32(r + 0x34); |
15 |
@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile( |
16 |
blockSize = (UInt32)rem; |
17 |
|
18 |
UInt32 size = GetUi32(tableBuf + i * 8 + 4); |
19 |
+ |
20 |
+ if (size > buf.Size() || size > kCompressionBlockSize + 1) |
21 |
+ return S_FALSE; |
22 |
|
23 |
RINOK(ReadStream_FALSE(inStream, buf, size)); |
24 |
|