[libarchive/el5] Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
Tomas Bzatek
tbzatek at fedoraproject.org
Thu Mar 28 15:49:20 UTC 2013
commit a10ef462f5dc6128986683c03e56fdc8f140e192
Author: Tomas Bzatek <tbzatek at redhat.com>
Date: Thu Mar 28 16:49:05 2013 +0100
Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
...-3.1.3-CVE-2013-0211_read_buffer_overflow.patch | 17 +++++++++++++++++
libarchive.spec | 10 +++++++++-
2 files changed, 26 insertions(+), 1 deletions(-)
---
diff --git a/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch b/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
new file mode 100644
index 0000000..5a47dbc
--- /dev/null
+++ b/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
@@ -0,0 +1,17 @@
+diff -up libarchive-2.8.4/libarchive/archive_write.c.bak libarchive-2.8.4/libarchive/archive_write.c
+--- libarchive-2.8.4/libarchive/archive_write.c.bak 2010-03-07 19:07:40.000000000 +0100
++++ libarchive-2.8.4/libarchive/archive_write.c 2013-03-28 16:47:06.000000000 +0100
+@@ -459,8 +459,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ struct archive_write *a = (struct archive_write *)_a;
++ const size_t max_write = INT_MAX;
++
+ __archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ ARCHIVE_STATE_DATA, "archive_write_data");
++ /* In particular, this catches attempts to pass negative values. */
++ if (s > max_write)
++ s = max_write;
+ archive_clear_error(&a->archive);
+ return ((a->format_write_data)(a, buff, s));
+ }
diff --git a/libarchive.spec b/libarchive.spec
index 263e5ed..54bba2b 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -1,6 +1,6 @@
Name: libarchive
Version: 2.8.4
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: A library for handling streaming archive formats
Group: System Environment/Libraries
@@ -30,6 +30,10 @@ Patch0: libarchive-2.8.4-iso9660-data-types.patch
Patch1: libarchive-2.8.4-CVE-2011-1777.patch
Patch2: libarchive-2.8.4-CVE-2011-1778-2.patch
+# CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
+# https://bugzilla.redhat.com/show_bug.cgi?id=927105
+Patch3: libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
+
%description
Libarchive is a programming library that can create and read several different
@@ -52,6 +56,7 @@ developing applications that use %{name}.
%patch0 -p0 -b .iso9660-testsuite
%patch1 -p1 -b .cve-2011-1777
%patch2 -p1 -b .cve-2011-1778
+%patch3 -p1 -b .CVE-2013-0211
%build
@@ -94,6 +99,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Thu Mar 28 2013 Tomas Bzatek <tbzatek at redhat.com> - 2.8.4-6
+- Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
+
* Sat Jan 14 2012 Niels de Vos <devos at fedoraproject.org> - 2.8.4-5
- Fix ISO support, regression introduced with CVE-2011-1777 (#705849 coment 23)
More information about the scm-commits
mailing list