libarchive/backport-CVE-2024-26256-CVE-2024-43495.patch

From b7b0c7c4379531206a53634a12a02a8d45b28a2f Mon Sep 17 00:00:00 2001
From: terrynini <terrynini38514@gmail.com>
Date: Wed, 14 Aug 2024 16:01:21 +0800
Subject: [PATCH] Fix CVE-2024-26256 (#2269)

Opening a manipulated RAR archive could lead to remote code execution

Security: CVE-2024-26256
Co-authored-by: Timothy Lyanguzov <theta682@gmail.com>
---
 libarchive/archive_read_support_format_rar.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index fb7cfde7..f4dcb752 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3428,6 +3428,12 @@ run_filters(struct archive_read *a)
       return 0;
   }
 
+  if (filter->blocklength > VM_MEMORY_SIZE)
+  {
+    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
+    return 0;
+  }
+
   ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
   if (ret != ARCHIVE_OK)
     return 0;
-- 
2.33.0
fix CVE-2024-26256 CVE-2024-43495 2024-09-19 02:28:46 +00:00			`From b7b0c7c4379531206a53634a12a02a8d45b28a2f Mon Sep 17 00:00:00 2001`
			`From: terrynini <terrynini38514@gmail.com>`
			`Date: Wed, 14 Aug 2024 16:01:21 +0800`
			`Subject: [PATCH] Fix CVE-2024-26256 (#2269)`

			`Opening a manipulated RAR archive could lead to remote code execution`

			`Security: CVE-2024-26256`
			`Co-authored-by: Timothy Lyanguzov <theta682@gmail.com>`
			`---`
			`libarchive/archive_read_support_format_rar.c \| 6 ++++++`
			`1 file changed, 6 insertions(+)`

			`diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c`
			`index fb7cfde7..f4dcb752 100644`
			`--- a/libarchive/archive_read_support_format_rar.c`
			`+++ b/libarchive/archive_read_support_format_rar.c`
			`@@ -3428,6 +3428,12 @@ run_filters(struct archive_read *a)`
			`return 0;`
			`}`

			`+ if (filter->blocklength > VM_MEMORY_SIZE)`
			`+ {`
			`+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");`
			`+ return 0;`
			`+ }`
			`+`
			`ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);`
			`if (ret != ARCHIVE_OK)`
			`return 0;`
			`--`
			`2.33.0`