mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-19 05:38:00 +00:00
bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.
More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189
Taken from Fedora.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9469efbfa
)
This commit is contained in:
parent
6aae528cc3
commit
d3e325dfef
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||||||
|
|
||||||
PKG_NAME:=bzip2
|
PKG_NAME:=bzip2
|
||||||
PKG_VERSION:=1.0.6
|
PKG_VERSION:=1.0.6
|
||||||
PKG_RELEASE:=3
|
PKG_RELEASE:=4
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
PKG_SOURCE_URL:=http://www.bzip.org/$(PKG_VERSION)
|
PKG_SOURCE_URL:=http://www.bzip.org/$(PKG_VERSION)
|
||||||
|
11
package/utils/bzip2/patches/010-CVE-2016-3189.patch
Normal file
11
package/utils/bzip2/patches/010-CVE-2016-3189.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -up ./bzip2recover.c.old ./bzip2recover.c
|
||||||
|
--- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100
|
||||||
|
+++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200
|
||||||
|
@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
|
||||||
|
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
|
||||||
|
bsPutUInt32 ( bsWr, blockCRC );
|
||||||
|
bsClose ( bsWr );
|
||||||
|
+ outFile = NULL;
|
||||||
|
}
|
||||||
|
if (wrBlock >= rbCtr) break;
|
||||||
|
wrBlock++;
|
Loading…
Reference in New Issue
Block a user