diff options
Diffstat (limited to 'poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch')
| -rw-r--r-- | poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch new file mode 100644 index 000000000..e85fec40a --- /dev/null +++ b/poky/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch @@ -0,0 +1,37 @@ +libarchive-3.3.2: Fix CVE-2017-14166 + +[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935 + +archive_read_support_format_xar: heap-based buffer overflow in xml_data + +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71] +CVE: CVE-2017-14166 +Bug: 935 +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> + +diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c +index 7a22beb..93eeacc 100644 +--- a/libarchive/archive_read_support_format_xar.c ++++ b/libarchive/archive_read_support_format_xar.c +@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) + uint64_t l; + int digit; + ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + digit = *p - '0'; + while (digit >= 0 && digit < 10 && char_cnt-- > 0) { +@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) + { + int64_t l; + int digit; +- ++ ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + while (char_cnt-- > 0) { + if (*p >= '0' && *p <= '7') |
