]> git.ipfire.org Git - thirdparty/libarchive.git/commitdiff
projects / thirdparty / libarchive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d85976e)
Issue #718: Fix TALOS-CAN-152
authorTim Kientzle <kientzle@acm.org>
Sun, 19 Jun 2016 21:14:09 +0000 (14:14 -0700)
committerTim Kientzle <kientzle@acm.org>
Sun, 19 Jun 2016 21:14:09 +0000 (14:14 -0700)
If a 7-Zip archive declares a rediculously large number of substreams,
it can overflow an internal counter, leading a subsequent memory
allocation to be too small for the substream data.

Thanks to the Open Source and Threat Intelligence project at Cisco
for reporting this issue.

libarchive/archive_read_support_format_7zip.c patch | blob | blame | history

diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index 90901acb710fff13d8737c13df21272bb430525b..1dfe52b8539a0fd0cc9132db3ce56b51e412d42c 100644 (file)
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -2153,6 +2153,9 @@ read_SubStreamsInfo(struct archive_read *a, struct _7z_substream_info *ss,
                                return (-1);
                        if (UMAX_ENTRY < f[i].numUnpackStreams)
                                return (-1);
+                       if (unpack_streams > SIZE_MAX - UMAX_ENTRY) {
+                               return (-1);
+                       }
                        unpack_streams += (size_t)f[i].numUnpackStreams;
                }
                if ((p = header_bytes(a, 1)) == NULL)
Mirror of https://github.com/libarchive/libarchive.git