aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/dpkg/dpkg/dpkg-CVE-2015-0860.patch
blob: 2fd3c3bb904aa3d4c46d639a710f8d45066bd71d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

From 708e60ea4e16afb1d85da60dd73cb374a987653d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hanno=20B=C3=B6ck?= <hanno@hboeck.de>
Date: Thu, 19 Nov 2015 20:03:10 +0100
Subject: [PATCH 1/1] dpkg-deb: Fix off-by-one write access on ctrllenbuf
 variable

This affects old format .deb packages.

CVE: CVE-2015-0860
Warned-by: afl
Signed-off-by: Guillem Jover <guillem@debian.org>

Upstream-Status: Backport

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
---
 dpkg-deb/extract.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dpkg-deb/extract.c b/dpkg-deb/extract.c
index 5a9587a..e39fb35 100644
--- a/dpkg-deb/extract.c
+++ b/dpkg-deb/extract.c
@@ -247,7 +247,7 @@ extracthalf(const char *debar, const char *dir,
     if (errstr)
       ohshit(_("archive has invalid format version: %s"), errstr);
 
-    r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf));
+    r = read_line(arfd, ctrllenbuf, 1, sizeof(ctrllenbuf) - 1);
     if (r < 0)
       read_fail(r, debar, _("archive control member size"));
     if (sscanf(ctrllenbuf, "%jd%c%d", &ctrllennum, &nlc, &dummy) != 2 ||
-- 
1.9.1
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-26 00:46:49 +0000