Fix CVE-2024-26256 (#2269)
authorterrynini <terrynini38514@gmail.com>
Wed, 14 Aug 2024 08:01:21 +0000 (16:01 +0800)
committerGitHub <noreply@github.com>
Wed, 14 Aug 2024 08:01:21 +0000 (10:01 +0200)
Opening a manipulated RAR archive could lead to remote code execution

Security: CVE-2024-26256
Co-authored-by: Timothy Lyanguzov <theta682@gmail.com>
libarchive/archive_read_support_format_rar.c

index fb7cfde7b73a1f0d165d2becb025a5898ccefe2d..f4dcb75281fd3c4b7df16c9556eb84edd64f7dd8 100644 (file)
@@ -3428,6 +3428,12 @@ run_filters(struct archive_read *a)
       return 0;
   }
 
+  if (filter->blocklength > VM_MEMORY_SIZE)
+  {
+    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
+    return 0;
+  }
+
   ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
   if (ret != ARCHIVE_OK)
     return 0;
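Review bot: The new bound on `filter->blocklength` is enforced only at this one use in run_filters, just before the copy into `filters->vm->memory`, so any other consumer of this archive-supplied length would still see an unvalidated value. Whether such consumers exist is not visible from this hunk, but rejecting the value where the filter is parsed would cover them all. The check also depends on `filters->vm->memory` holding at least `VM_MEMORY_SIZE` bytes, which is worth stating in a comment such as `/* blocklength comes from the archive; vm->memory holds VM_MEMORY_SIZE bytes, so reject larger blocks before copying */`. The message `"Bad RAR file data"` is generic, and a more specific text such as `"RAR filter block length exceeds VM memory"` would make this rejection easier to recognise in logs and fuzzing triage. run_filters starts and ends outside the hunk, so the handling of `start` and of the filter output could not be checked here.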