[libarchive/el5] Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)

Tomas Bzatek tbzatek at fedoraproject.org
Thu Mar 28 15:49:20 UTC 2013 

commit a10ef462f5dc6128986683c03e56fdc8f140e192
Author: Tomas Bzatek <tbzatek at redhat.com>
Date:   Thu Mar 28 16:49:05 2013 +0100

    Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)

 ...-3.1.3-CVE-2013-0211_read_buffer_overflow.patch |   17 +++++++++++++++++
 libarchive.spec                                    |   10 +++++++++-
 2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch b/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
new file mode 100644
index 0000000..5a47dbc
--- /dev/null
+++ b/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
@@ -0,0 +1,17 @@
+diff -up libarchive-2.8.4/libarchive/archive_write.c.bak libarchive-2.8.4/libarchive/archive_write.c
+--- libarchive-2.8.4/libarchive/archive_write.c.bak	2010-03-07 19:07:40.000000000 +0100
++++ libarchive-2.8.4/libarchive/archive_write.c	2013-03-28 16:47:06.000000000 +0100
+@@ -459,8 +459,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ 	struct archive_write *a = (struct archive_write *)_a;
++	const size_t max_write = INT_MAX;
++
+ 	__archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ 	    ARCHIVE_STATE_DATA, "archive_write_data");
++	/* In particular, this catches attempts to pass negative values. */
++	if (s > max_write)
++		s = max_write;
+ 	archive_clear_error(&a->archive);
+ 	return ((a->format_write_data)(a, buff, s));
+ }
diff --git a/libarchive.spec b/libarchive.spec
index 263e5ed..54bba2b 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -1,6 +1,6 @@
 Name:           libarchive
 Version:        2.8.4
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        A library for handling streaming archive formats 
 
 Group:          System Environment/Libraries
@@ -30,6 +30,10 @@ Patch0: libarchive-2.8.4-iso9660-data-types.patch
 Patch1: libarchive-2.8.4-CVE-2011-1777.patch
 Patch2: libarchive-2.8.4-CVE-2011-1778-2.patch
 
+# CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
+# https://bugzilla.redhat.com/show_bug.cgi?id=927105
+Patch3: libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
+
 
 %description
 Libarchive is a programming library that can create and read several different 
@@ -52,6 +56,7 @@ developing applications that use %{name}.
 %patch0 -p0 -b .iso9660-testsuite
 %patch1 -p1 -b .cve-2011-1777
 %patch2 -p1 -b .cve-2011-1778
+%patch3 -p1 -b .CVE-2013-0211
 
 
 %build
@@ -94,6 +99,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Mar 28 2013 Tomas Bzatek <tbzatek at redhat.com> - 2.8.4-6
+- Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
+
 * Sat Jan 14 2012 Niels de Vos <devos at fedoraproject.org> - 2.8.4-5
 - Fix ISO support, regression introduced with CVE-2011-1777 (#705849 coment 23)

More information about the scm-commits mailing list