FreeBSD Bugzilla – Attachment 165786 Details for Bug 206386
vendor/libarchive: directory traversal vulnerability/local denial of services
[patch]
vendor/libarchive/dist: Apply CVE-2013-0211 patch
vendor_libarchive_dist-CVE-2013-0211.patch (text/plain), 1.06 KB, created by Jason Unovitch on 2016-01-19 00:14:59 UTC
>SVN patch based off: > >commit 22531545514043e04633e1c015c7540b9de9dbe4 >Author: Tim Kientzle <kientzle@acm.org> >Date: Fri Mar 22 23:48:41 2013 -0700 > > Limit write requests to at most INT_MAX. > This prevents a certain common programming error (passing -1 to write) > from leading to other problems deeper in the library. > >Index: vendor/libarchive/dist/libarchive/archive_write.c >=================================================================== >--- vendor/libarchive/dist/libarchive/archive_write.c (revision 294293) >+++ vendor/libarchive/dist/libarchive/archive_write.c (working copy) >@@ -671,8 +671,13 @@ > _archive_write_data(struct archive *_a, const void *buff, size_t s) > { > struct archive_write *a = (struct archive_write *)_a; >+ const size_t max_write = INT_MAX; >+ > archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, > ARCHIVE_STATE_DATA, "archive_write_data"); >+ /* In particular, this catches attempts to pass negative values. */ >+ if (s > max_write) >+ s = max_write; > archive_clear_error(&a->archive); > return ((a->format_write_data)(a, buff, s)); > }
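Review bot: The clamp `if (s > max_write) s = max_write;` in _archive_write_data does not reject the "passing -1 to write" case the commit message names; it turns it into an INT_MAX-byte request that is still handed to a->format_write_data together with the caller's buff. Consider returning an error at this point instead of truncating, or at least note next to the clamp that the function may now consume fewer bytes than requested, so callers have to check the return value. The hunk also uses INT_MAX without showing an include, so confirm <limits.h> is already pulled into archive_write.c.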