summaryrefslogtreecommitdiff
path: root/libre/p7zip/CVE-2016-2334.patch
diff options
context:
space:
mode:
Diffstat (limited to 'libre/p7zip/CVE-2016-2334.patch')
-rw-r--r--libre/p7zip/CVE-2016-2334.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/libre/p7zip/CVE-2016-2334.patch b/libre/p7zip/CVE-2016-2334.patch
new file mode 100644
index 000000000..1eb5163cb
--- /dev/null
+++ b/libre/p7zip/CVE-2016-2334.patch
@@ -0,0 +1,24 @@
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+ item.GroupID = Get32(r + 0x24);
+ item.AdminFlags = r[0x28];
+ item.OwnerFlags = r[0x29];
++ */
+ item.FileMode = Get16(r + 0x2A);
++ /*
+ item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+ item.FileType = Get32(r + 0x30);
+ item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+
++ if (size > buf.Size() || size > kCompressionBlockSize + 1)
++ return S_FALSE;
++
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+
+ if ((buf[0] & 0xF) == 0xF)
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-16 10:23:34 +0000