packages/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
busybox/backport-CVE-2021-42374.patch
jikui 19d37e85ae fix CVE-2021-42374 and CVE-2021-42377 
Signed-off-by: jikui <jikui2@huawei.com>
2021-11-22 16:57:13 +08:00

60 lines
1.7 KiB
Diff
Raw Blame History

From 479e2e47de5f2a9a3ecedda264976bde6945ce60 Mon Sep 17 00:00:00 2001
From: jikui <jikui2@huawei.com>
Date: Mon, 22 Nov 2021 10:24:24 +0800
Subject: [PATCH] busybox: fix CVE-2021-42374
backport from upstream:
https://git.busybox.net/busybox/patch/?h=1_34_stable&id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
Signed-off-by: jikui <jikui2@huawei.com>
---
archival/libarchive/decompress_unlzma.c | 5 ++++-
testsuite/unlzma.tests | 10 ++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index 0744f23..fb5aac8 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
uint32_t pos;
pos = buffer_pos - rep0;
- if ((int32_t)pos < 0)
+ if ((int32_t)pos < 0) {
pos += header.dict_size;
+ if ((int32_t)pos < 0)
+ goto bad;
+ }
match_byte = buffer[pos];
do {
int bit;
diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
index 0e98afe..8c120b1 100755
--- a/testsuite/unlzma.tests
+++ b/testsuite/unlzma.tests
@@ -8,14 +8,16 @@
# Damaged encrypted streams
testing "unlzma (bad archive 1)" \
- "unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \
-"1
+ "unlzma <unlzma_issue_1.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
# Damaged encrypted streams
testing "unlzma (bad archive 2)" \
- "unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \
-"1
+ "unlzma <unlzma_issue_2.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
" "" ""
exit $FAILCOUNT
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink