diff options
Diffstat (limited to 'meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch deleted file mode 100644 index 25a76fdcd2..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch +++ /dev/null @@ -1,61 +0,0 @@ -CVE: CVE-2019-1000020 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001 -From: Daniel Axtens <dja@axtens.net> -Date: Tue, 1 Jan 2019 17:10:49 +1100 -Subject: [PATCH 1/2] iso9660: Fail when expected Rockridge extensions is - missing - -A corrupted or malicious ISO9660 image can cause read_CE() to loop -forever. - -read_CE() calls parse_rockridge(), expecting a Rockridge extension -to be read. However, parse_rockridge() is structured as a while -loop starting with a sanity check, and if the sanity check fails -before the loop has run, the function returns ARCHIVE_OK without -advancing the position in the file. This causes read_CE() to retry -indefinitely. - -Make parse_rockridge() return ARCHIVE_WARN if it didn't read an -extension. As someone with no real knowledge of the format, this -seems more apt than ARCHIVE_FATAL, but both the call-sites escalate -it to a fatal error immediately anyway. - -Found with a combination of AFL, afl-rb (FairFuzz) and qsym. ---- - libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c -index 28acfefbb..bad8f1dfe 100644 ---- a/libarchive/archive_read_support_format_iso9660.c -+++ b/libarchive/archive_read_support_format_iso9660.c -@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file, - const unsigned char *p, const unsigned char *end) - { - struct iso9660 *iso9660; -+ int entry_seen = 0; - - iso9660 = (struct iso9660 *)(a->format->data); - -@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file, - } - - p += p[2]; -+ entry_seen = 1; -+ } -+ -+ if (entry_seen) -+ return (ARCHIVE_OK); -+ else { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Tried to parse Rockridge extensions, but none found"); -+ return (ARCHIVE_WARN); - } -- return (ARCHIVE_OK); - } - - static int - |