[149394] trunk/dports/archivers/p7zip
mps at macports.org
mps at macports.org
Thu Jun 16 06:42:15 PDT 2016
Revision: 149394
https://trac.macports.org/changeset/149394
Author: mps at macports.org
Date: 2016-06-16 06:42:14 -0700 (Thu, 16 Jun 2016)
Log Message:
-----------
p7zip: patches for CVE-2016-2334 and CVE-2016-2335
Added Paths:
-----------
trunk/dports/archivers/p7zip/files/
trunk/dports/archivers/p7zip/files/CVE-2016-2334.patch
trunk/dports/archivers/p7zip/files/CVE-2016-2335.patch
Added: trunk/dports/archivers/p7zip/files/CVE-2016-2334.patch
===================================================================
--- trunk/dports/archivers/p7zip/files/CVE-2016-2334.patch (rev 0)
+++ trunk/dports/archivers/p7zip/files/CVE-2016-2334.patch 2016-06-16 13:42:14 UTC (rev 149394)
@@ -0,0 +1,38 @@
+From: Robert Luberda <robert at debian.org>
+Date: Sun, 15 May 2016 11:15:02 +0200
+Subject: CVE-2016-2334
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Patch for the Heap buffer overflow in HFS handler vulnerability
+(CVE-2016-2334) as posted by İsmail Dönmez to
+https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba
+---
+ CPP/7zip/Archive/HfsHandler.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/CPP/7zip/Archive/HfsHandler.cpp b/CPP/7zip/Archive/HfsHandler.cpp
+index 8459280..47b8303 100644
+--- CPP/7zip/Archive/HfsHandler.cpp
++++ CPP/7zip/Archive/HfsHandler.cpp
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, const CObjectVector<CIdExtents
+ item.GroupID = Get32(r + 0x24);
+ item.AdminFlags = r[0x28];
+ item.OwnerFlags = r[0x29];
++ */
+ item.FileMode = Get16(r + 0x2A);
++ /*
+ item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+ item.FileType = Get32(r + 0x30);
+ item.FileCreator = Get32(r + 0x34);
+@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+
+ UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+
++ if (size > buf.Size() || size > kCompressionBlockSize + 1)
++ return S_FALSE;
++
+ RINOK(ReadStream_FALSE(inStream, buf, size));
+
+ if ((buf[0] & 0xF) == 0xF)
Added: trunk/dports/archivers/p7zip/files/CVE-2016-2335.patch
===================================================================
--- trunk/dports/archivers/p7zip/files/CVE-2016-2335.patch (rev 0)
+++ trunk/dports/archivers/p7zip/files/CVE-2016-2335.patch 2016-06-16 13:42:14 UTC (rev 149394)
@@ -0,0 +1,31 @@
+From: Robert Luberda <robert at debian.org>
+Date: Sun, 15 May 2016 11:15:06 +0200
+Subject: CVE-2016-2335
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Patch for the Out of bounds read in UDF handler vulnerability
+(CVE-2016-2335) as posted by İsmail Dönmez to
+https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#1dba
+---
+ CPP/7zip/Archive/Udf/UdfIn.cpp | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/CPP/7zip/Archive/Udf/UdfIn.cpp b/CPP/7zip/Archive/Udf/UdfIn.cpp
+index a051a27..5f2acb0 100644
+--- CPP/7zip/Archive/Udf/UdfIn.cpp
++++ CPP/7zip/Archive/Udf/UdfIn.cpp
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsIndex, const CLongAllocDesc
+ return S_FALSE;
+ CFile &file = Files.Back();
+ const CLogVol &vol = LogVols[volIndex];
+- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++ unsigned partitionRef = lad.Location.PartitionRef;
++
++ if (partitionRef >= vol.PartitionMaps.Size())
++ return S_FALSE;
++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+
+ UInt32 key = lad.Location.Pos;
+ UInt32 value;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20160616/1f6f9118/attachment.html>
More information about the macports-changes
mailing list