summary refs log tree commit diff
path: root/gnu/packages/patches/libarchive-CVE-2017-14166.patch
blob: a1228484401bde039893f33ab873eaad125ce96c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Fix CVE-2017-14166:

https://github.com/libarchive/libarchive/issues/935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166

Patch copied from upstream source repository:

https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71

From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
 happy.

---
 libarchive/archive_read_support_format_xar.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d..93eeacc5e 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
 	uint64_t l;
 	int digit;
 
+	if (char_cnt == 0)
+		return (0);
+
 	l = 0;
 	digit = *p - '0';
 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
 {
 	int64_t l;
 	int digit;
-        
+
+	if (char_cnt == 0)
+		return (0);
+
 	l = 0;
 	while (char_cnt-- > 0) {
 		if (*p >= '0' && *p <= '7')