opkg

statically linked package installer

0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch (2373B)


      1 From 9decdbe830f233fad7428df99e0c2d34887ac3cf Mon Sep 17 00:00:00 2001
      2 From: "Steven M. Schweda" <sms@antinode.info>
      3 Date: Sat, 15 Jun 2019 18:13:11 -0700
      4 Subject: [PATCH] Fix CVE-2014-8139: CRC32 verification heap-based overflow
      5 
      6 ---
      7  extract.c | 17 ++++++++++++++---
      8  1 file changed, 14 insertions(+), 3 deletions(-)
      9 
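--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
 #ifndef SFX
    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+   static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
+     EF block length (%u bytes) invalid (< %d)\n";
    static ZCONST char Far InvalidComprDataEAs[] =
      " invalid compressed data for EAs\n";
 #  if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len)
         ebID = makeword(ef);
         ebLen = (unsigned)makeword(ef+EB_LEN);
 
-        if (ebLen > (ef_len - EB_HEADSIZE)) {
+        if (ebLen > (ef_len - EB_HEADSIZE))
+        {
            /* Discovered some extra field inconsistency! */
             if (uO.qflag)
                 Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_len)
                 }
                 break;
             case EF_PKVMS:
-                if (makelong(ef+EB_HEADSIZE) !=
+                if (ebLen < 4)
+                {
+                    Info(slide, 1,
+                     ((char *)slide, LoadFarString(TooSmallEBlength),
+                     ebLen, 4));
+                }
+                else if (makelong(ef+EB_HEADSIZE) !=
                     crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
                           (extent)(ebLen-4)))
+                {
                     Info(slide, 1, ((char *)slide,
                       LoadFarString(BadCRC_EAs)));
+                }
                 break;
             case EF_PKW32:
             case EF_PKUNIX: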
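Review bot: The new `if (ebLen < 4)` branch under `case EF_PKVMS:` only prints `TooSmallEBlength` and then reaches `break`, so as far as this hunk shows, a PKVMS block too short to hold its 4-byte CRC is reported but does not change the result of `TestExtraField`; the function's return paths are outside the hunk, so confirm whether a malformed block should fail the archive test here. The guard itself is needed: for an unsigned `ebLen` below 4, `(extent)(ebLen-4)` wraps to a very large length and `crc32()` would read far past the extra-field buffer. The literal `4` now appears in the check, the message argument, `EB_HEADSIZE+4` and `ebLen-4`; a comment such as `/* 4 = size of the stored CRC32 that precedes the PKVMS data */`, or a named constant, would keep them tied together. The other `case` labels of this switch are not visible in the hunk and are worth checking for the same pattern of subtracting from `ebLen` before validating it.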
     61 -- 
     62 2.20.1
     63