]>
Commit | Line | Data |
---|---|---|
fed525f2 MT |
1 | Submitted By: Bruce Dubbs <bdubbs@linuxfromscratch.org> |
2 | Date: 2020-05-12 | |
3 | Initial Package Version: 16.02 | |
4 | Upstream Status: Unknown. | |
5 | Origin: Arch and Fedora | |
6 | Description: Updates for CVE-2016-9296, CVE-2017-17969, CVE-2018-5996, | |
7 | CVE-2018-10115 and GCC10. | |
8 | ||
9 | diff -Naur p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp | |
10 | --- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp 2016-05-20 03:20:03.000000000 -0500 | |
11 | +++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp 2020-05-12 15:34:34.513287566 -0500 | |
12 | @@ -1097,7 +1097,8 @@ | |
13 | if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) | |
14 | ThrowIncorrect(); | |
15 | } | |
16 | - HeadersSize += folders.PackPositions[folders.NumPackStreams]; | |
17 | + if (folders.PackPositions) | |
18 | + HeadersSize += folders.PackPositions[folders.NumPackStreams]; | |
19 | return S_OK; | |
20 | } | |
21 | ||
22 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp | |
23 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.cpp 2015-09-01 13:04:52.000000000 -0500 | |
24 | +++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp 2020-05-12 15:35:00.897548643 -0500 | |
25 | @@ -29,7 +29,7 @@ | |
26 | }; | |
27 | */ | |
28 | ||
29 | -CDecoder::CDecoder(): m_IsSolid(false) { } | |
30 | +CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { } | |
31 | ||
32 | void CDecoder::InitStructures() | |
33 | { | |
34 | @@ -345,7 +345,7 @@ | |
35 | ||
36 | void CDecoder::InitData() | |
37 | { | |
38 | - if (!m_IsSolid) | |
39 | + if (!_isSolid) | |
40 | { | |
41 | AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0; | |
42 | AvrPlc = 0x3500; | |
43 | @@ -391,6 +391,11 @@ | |
44 | if (inSize == NULL || outSize == NULL) | |
45 | return E_INVALIDARG; | |
46 | ||
47 | + if (_isSolid && !_solidAllowed) | |
48 | + return S_FALSE; | |
49 | + | |
50 | + _solidAllowed = false; | |
51 | + | |
52 | if (!m_OutWindowStream.Create(kHistorySize)) | |
53 | return E_OUTOFMEMORY; | |
54 | if (!m_InBitStream.Create(1 << 20)) | |
55 | @@ -398,17 +403,22 @@ | |
56 | ||
57 | m_UnpackSize = (Int64)*outSize; | |
58 | m_OutWindowStream.SetStream(outStream); | |
59 | - m_OutWindowStream.Init(m_IsSolid); | |
60 | + m_OutWindowStream.Init(_isSolid); | |
61 | m_InBitStream.SetStream(inStream); | |
62 | m_InBitStream.Init(); | |
63 | ||
64 | // CCoderReleaser coderReleaser(this); | |
65 | InitData(); | |
66 | - if (!m_IsSolid) | |
67 | + if (!_isSolid) | |
68 | { | |
69 | + _errorMode = false; | |
70 | InitStructures(); | |
71 | InitHuff(); | |
72 | } | |
73 | + | |
74 | + if (_errorMode) | |
75 | + return S_FALSE; | |
76 | + | |
77 | if (m_UnpackSize > 0) | |
78 | { | |
79 | GetFlagsBuf(); | |
80 | @@ -470,6 +480,7 @@ | |
81 | } | |
82 | if (m_UnpackSize < 0) | |
83 | return S_FALSE; | |
84 | + _solidAllowed = true; | |
85 | return m_OutWindowStream.Flush(); | |
86 | } | |
87 | ||
88 | @@ -477,16 +488,16 @@ | |
89 | const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) | |
90 | { | |
91 | try { return CodeReal(inStream, outStream, inSize, outSize, progress); } | |
92 | - catch(const CInBufferException &e) { return e.ErrorCode; } | |
93 | - catch(const CLzOutWindowException &e) { return e.ErrorCode; } | |
94 | - catch(...) { return S_FALSE; } | |
95 | + catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } | |
96 | + catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } | |
97 | + catch(...) { _errorMode = true; return S_FALSE; } | |
98 | } | |
99 | ||
100 | STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) | |
101 | { | |
102 | if (size < 1) | |
103 | return E_INVALIDARG; | |
104 | - m_IsSolid = ((data[0] & 1) != 0); | |
105 | + _isSolid = ((data[0] & 1) != 0); | |
106 | return S_OK; | |
107 | } | |
108 | ||
109 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h | |
110 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.h 2014-12-21 06:44:00.000000000 -0600 | |
111 | +++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h 2020-05-12 15:35:00.897548643 -0500 | |
112 | @@ -38,7 +38,9 @@ | |
113 | UInt32 LastLength; | |
114 | ||
115 | Int64 m_UnpackSize; | |
116 | - bool m_IsSolid; | |
117 | + bool _isSolid; | |
118 | + bool _solidAllowed; | |
119 | + bool _errorMode; | |
120 | ||
121 | UInt32 ReadBits(int numBits); | |
122 | HRESULT CopyBlock(UInt32 distance, UInt32 len); | |
123 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp | |
124 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.cpp 2015-10-03 03:49:14.000000000 -0500 | |
125 | +++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp 2020-05-12 15:35:00.897548643 -0500 | |
126 | @@ -80,7 +80,9 @@ | |
127 | static const UInt32 kWindowReservSize = (1 << 22) + 256; | |
128 | ||
129 | CDecoder::CDecoder(): | |
130 | - m_IsSolid(false) | |
131 | + _isSolid(false), | |
132 | + _solidAllowed(false), | |
133 | + m_TablesOK(false) | |
134 | { | |
135 | } | |
136 | ||
137 | @@ -100,6 +102,8 @@ | |
138 | ||
139 | bool CDecoder::ReadTables(void) | |
140 | { | |
141 | + m_TablesOK = false; | |
142 | + | |
143 | Byte levelLevels[kLevelTableSize]; | |
144 | Byte newLevels[kMaxTableSize]; | |
145 | m_AudioMode = (ReadBits(1) == 1); | |
146 | @@ -170,6 +174,8 @@ | |
147 | } | |
148 | ||
149 | memcpy(m_LastLevels, newLevels, kMaxTableSize); | |
150 | + m_TablesOK = true; | |
151 | + | |
152 | return true; | |
153 | } | |
154 | ||
155 | @@ -315,6 +321,10 @@ | |
156 | if (inSize == NULL || outSize == NULL) | |
157 | return E_INVALIDARG; | |
158 | ||
159 | + if (_isSolid && !_solidAllowed) | |
160 | + return S_FALSE; | |
161 | + _solidAllowed = false; | |
162 | + | |
163 | if (!m_OutWindowStream.Create(kHistorySize)) | |
164 | return E_OUTOFMEMORY; | |
165 | if (!m_InBitStream.Create(1 << 20)) | |
166 | @@ -325,12 +335,12 @@ | |
167 | UInt64 pos = 0, unPackSize = *outSize; | |
168 | ||
169 | m_OutWindowStream.SetStream(outStream); | |
170 | - m_OutWindowStream.Init(m_IsSolid); | |
171 | + m_OutWindowStream.Init(_isSolid); | |
172 | m_InBitStream.SetStream(inStream); | |
173 | m_InBitStream.Init(); | |
174 | ||
175 | // CCoderReleaser coderReleaser(this); | |
176 | - if (!m_IsSolid) | |
177 | + if (!_isSolid) | |
178 | { | |
179 | InitStructures(); | |
180 | if (unPackSize == 0) | |
181 | @@ -338,12 +348,16 @@ | |
182 | if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect; | |
183 | if (!ReadTables()) | |
184 | return S_FALSE; | |
185 | + _solidAllowed = true; | |
186 | return S_OK; | |
187 | } | |
188 | if (!ReadTables()) | |
189 | return S_FALSE; | |
190 | } | |
191 | ||
192 | + if (!m_TablesOK) | |
193 | + return S_FALSE; | |
194 | + | |
195 | UInt64 startPos = m_OutWindowStream.GetProcessedSize(); | |
196 | while (pos < unPackSize) | |
197 | { | |
198 | @@ -378,6 +392,9 @@ | |
199 | ||
200 | if (!ReadLastTables()) | |
201 | return S_FALSE; | |
202 | + | |
203 | + _solidAllowed = true; | |
204 | + | |
205 | return m_OutWindowStream.Flush(); | |
206 | } | |
207 | ||
208 | @@ -394,7 +411,7 @@ | |
209 | { | |
210 | if (size < 1) | |
211 | return E_INVALIDARG; | |
212 | - m_IsSolid = ((data[0] & 1) != 0); | |
213 | + _isSolid = ((data[0] & 1) != 0); | |
214 | return S_OK; | |
215 | } | |
216 | ||
217 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h | |
218 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.h 2015-06-19 05:52:06.000000000 -0500 | |
219 | +++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h 2020-05-12 15:35:00.898548653 -0500 | |
220 | @@ -138,7 +138,9 @@ | |
221 | Byte m_LastLevels[kMaxTableSize]; | |
222 | ||
223 | UInt64 m_PackSize; | |
224 | - bool m_IsSolid; | |
225 | + bool _isSolid; | |
226 | + bool _solidAllowed; | |
227 | + bool m_TablesOK; | |
228 | ||
229 | void InitStructures(); | |
230 | UInt32 ReadBits(unsigned numBits); | |
231 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp | |
232 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.cpp 2016-05-20 03:20:03.000000000 -0500 | |
233 | +++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp 2020-05-12 15:35:00.898548653 -0500 | |
234 | @@ -92,7 +92,9 @@ | |
235 | _writtenFileSize(0), | |
236 | _vmData(0), | |
237 | _vmCode(0), | |
238 | - m_IsSolid(false) | |
239 | + _isSolid(false), | |
240 | + _solidAllowed(false), | |
241 | + _errorMode(false) | |
242 | { | |
243 | Ppmd7_Construct(&_ppmd); | |
244 | } | |
245 | @@ -545,6 +547,9 @@ | |
246 | return InitPPM(); | |
247 | } | |
248 | ||
249 | + TablesRead = false; | |
250 | + TablesOK = false; | |
251 | + | |
252 | _lzMode = true; | |
253 | PrevAlignBits = 0; | |
254 | PrevAlignCount = 0; | |
255 | @@ -606,6 +611,9 @@ | |
256 | } | |
257 | } | |
258 | } | |
259 | + if (InputEofError()) | |
260 | + return S_FALSE; | |
261 | + | |
262 | TablesRead = true; | |
263 | ||
264 | // original code has check here: | |
265 | @@ -623,6 +631,9 @@ | |
266 | RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); | |
267 | ||
268 | memcpy(m_LastLevels, newLevels, kTablesSizesSum); | |
269 | + | |
270 | + TablesOK = true; | |
271 | + | |
272 | return S_OK; | |
273 | } | |
274 | ||
275 | @@ -811,7 +822,7 @@ | |
276 | { | |
277 | _writtenFileSize = 0; | |
278 | _unsupportedFilter = false; | |
279 | - if (!m_IsSolid) | |
280 | + if (!_isSolid) | |
281 | { | |
282 | _lzSize = 0; | |
283 | _winPos = 0; | |
284 | @@ -824,13 +835,21 @@ | |
285 | PpmEscChar = 2; | |
286 | PpmError = true; | |
287 | InitFilters(); | |
288 | + _errorMode = false; | |
289 | } | |
290 | - if (!m_IsSolid || !TablesRead) | |
291 | + | |
292 | + if (_errorMode) | |
293 | + return S_FALSE; | |
294 | + | |
295 | + if (!_isSolid || !TablesRead) | |
296 | { | |
297 | bool keepDecompressing; | |
298 | RINOK(ReadTables(keepDecompressing)); | |
299 | if (!keepDecompressing) | |
300 | + { | |
301 | + _solidAllowed = true; | |
302 | return S_OK; | |
303 | + } | |
304 | } | |
305 | ||
306 | for (;;) | |
307 | @@ -838,6 +857,8 @@ | |
308 | bool keepDecompressing; | |
309 | if (_lzMode) | |
310 | { | |
311 | + if (!TablesOK) | |
312 | + return S_FALSE; | |
313 | RINOK(DecodeLZ(keepDecompressing)) | |
314 | } | |
315 | else | |
316 | @@ -853,6 +874,9 @@ | |
317 | if (!keepDecompressing) | |
318 | break; | |
319 | } | |
320 | + | |
321 | + _solidAllowed = true; | |
322 | + | |
323 | RINOK(WriteBuf()); | |
324 | UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize(); | |
325 | RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize)); | |
326 | @@ -873,6 +897,10 @@ | |
327 | if (!inSize) | |
328 | return E_INVALIDARG; | |
329 | ||
330 | + if (_isSolid && !_solidAllowed) | |
331 | + return S_FALSE; | |
332 | + _solidAllowed = false; | |
333 | + | |
334 | if (!_vmData) | |
335 | { | |
336 | _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax); | |
337 | @@ -901,8 +929,8 @@ | |
338 | _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; | |
339 | return CodeReal(progress); | |
340 | } | |
341 | - catch(const CInBufferException &e) { return e.ErrorCode; } | |
342 | - catch(...) { return S_FALSE; } | |
343 | + catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } | |
344 | + catch(...) { _errorMode = true; return S_FALSE; } | |
345 | // CNewException is possible here. But probably CNewException is caused | |
346 | // by error in data stream. | |
347 | } | |
348 | @@ -911,7 +939,7 @@ | |
349 | { | |
350 | if (size < 1) | |
351 | return E_INVALIDARG; | |
352 | - m_IsSolid = ((data[0] & 1) != 0); | |
353 | + _isSolid = ((data[0] & 1) != 0); | |
354 | return S_OK; | |
355 | } | |
356 | ||
357 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h | |
358 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.h 2015-10-03 03:49:12.000000000 -0500 | |
359 | +++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h 2020-05-12 15:35:00.898548653 -0500 | |
360 | @@ -191,7 +191,9 @@ | |
361 | CRecordVector<CTempFilter *> _tempFilters; | |
362 | UInt32 _lastFilter; | |
363 | ||
364 | - bool m_IsSolid; | |
365 | + bool _isSolid; | |
366 | + bool _solidAllowed; | |
367 | + bool _errorMode; | |
368 | ||
369 | bool _lzMode; | |
370 | bool _unsupportedFilter; | |
371 | @@ -200,6 +202,7 @@ | |
372 | UInt32 PrevAlignCount; | |
373 | ||
374 | bool TablesRead; | |
375 | + bool TablesOK; | |
376 | ||
377 | CPpmd7 _ppmd; | |
378 | int PpmEscChar; | |
379 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.cpp | |
380 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.cpp 2016-05-20 03:20:04.000000000 -0500 | |
381 | +++ p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.cpp 2020-05-12 15:35:00.899548663 -0500 | |
382 | @@ -72,6 +72,7 @@ | |
383 | _writtenFileSize(0), | |
384 | _dictSizeLog(0), | |
385 | _isSolid(false), | |
386 | + _solidAllowed(false), | |
387 | _wasInit(false), | |
388 | _inputBuf(NULL) | |
389 | { | |
390 | @@ -801,7 +802,10 @@ | |
391 | */ | |
392 | ||
393 | if (res == S_OK) | |
394 | + { | |
395 | + _solidAllowed = true; | |
396 | res = res2; | |
397 | + } | |
398 | ||
399 | if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize) | |
400 | return S_FALSE; | |
401 | @@ -821,6 +825,10 @@ | |
402 | { | |
403 | try | |
404 | { | |
405 | + if (_isSolid && !_solidAllowed) | |
406 | + return S_FALSE; | |
407 | + _solidAllowed = false; | |
408 | + | |
409 | if (_dictSizeLog >= sizeof(size_t) * 8) | |
410 | return E_NOTIMPL; | |
411 | ||
412 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.h | |
413 | --- p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.h 2015-09-01 13:04:50.000000000 -0500 | |
414 | +++ p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.h 2020-05-12 15:35:00.899548663 -0500 | |
415 | @@ -271,6 +271,7 @@ | |
416 | Byte _dictSizeLog; | |
417 | bool _tableWasFilled; | |
418 | bool _isSolid; | |
419 | + bool _solidAllowed; | |
420 | bool _wasInit; | |
421 | ||
422 | UInt32 _reps[kNumReps]; | |
423 | diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/ShrinkDecoder.cpp p7zip_16.02/CPP/7zip/Compress/ShrinkDecoder.cpp | |
424 | --- p7zip_16.02.orig/CPP/7zip/Compress/ShrinkDecoder.cpp 2016-05-18 12:31:02.000000000 -0500 | |
425 | +++ p7zip_16.02/CPP/7zip/Compress/ShrinkDecoder.cpp 2020-05-12 15:34:45.120392530 -0500 | |
426 | @@ -121,7 +121,12 @@ | |
427 | { | |
428 | _stack[i++] = _suffixes[cur]; | |
429 | cur = _parents[cur]; | |
430 | + if (cur >= kNumItems || i >= kNumItems) | |
431 | + break; | |
432 | } | |
433 | + | |
434 | + if (cur >= kNumItems || i >= kNumItems) | |
435 | + break; | |
436 | ||
437 | _stack[i++] = (Byte)cur; | |
438 | lastChar2 = (Byte)cur; | |
439 | diff -Naur p7zip_16.02.orig/CPP/Windows/ErrorMsg.cpp p7zip_16.02/CPP/Windows/ErrorMsg.cpp | |
440 | --- p7zip_16.02.orig/CPP/Windows/ErrorMsg.cpp 2015-01-18 12:20:28.000000000 -0600 | |
441 | +++ p7zip_16.02/CPP/Windows/ErrorMsg.cpp 2020-05-12 15:37:52.688247586 -0500 | |
442 | @@ -14,15 +14,15 @@ | |
443 | AString msg; | |
444 | ||
445 | switch(errorCode) { | |
446 | - case ERROR_NO_MORE_FILES : txt = "No more files"; break ; | |
447 | - case E_NOTIMPL : txt = "E_NOTIMPL"; break ; | |
448 | - case E_NOINTERFACE : txt = "E_NOINTERFACE"; break ; | |
449 | - case E_ABORT : txt = "E_ABORT"; break ; | |
450 | - case E_FAIL : txt = "E_FAIL"; break ; | |
451 | - case STG_E_INVALIDFUNCTION : txt = "STG_E_INVALIDFUNCTION"; break ; | |
452 | - case E_OUTOFMEMORY : txt = "E_OUTOFMEMORY"; break ; | |
453 | - case E_INVALIDARG : txt = "E_INVALIDARG"; break ; | |
454 | - case ERROR_DIRECTORY : txt = "Error Directory"; break ; | |
455 | + case unsigned (ERROR_NO_MORE_FILES) : txt = "No more files"; break ; | |
456 | + case unsigned (E_NOTIMPL) : txt = "E_NOTIMPL"; break ; | |
457 | + case unsigned (E_NOINTERFACE) : txt = "E_NOINTERFACE"; break ; | |
458 | + case unsigned (E_ABORT) : txt = "E_ABORT"; break ; | |
459 | + case unsigned (E_FAIL) : txt = "E_FAIL"; break ; | |
460 | + case unsigned (STG_E_INVALIDFUNCTION) : txt = "STG_E_INVALIDFUNCTION"; break ; | |
461 | + case unsigned (E_OUTOFMEMORY) : txt = "E_OUTOFMEMORY"; break ; | |
462 | + case unsigned (E_INVALIDARG) : txt = "E_INVALIDARG"; break ; | |
463 | + case ERROR_DIRECTORY : txt = "Error Directory"; break ; | |
464 | default: | |
465 | txt = strerror(errorCode); | |
466 | } |