openwrt/package/utils/bzip2/patches/010-CVE-2016-3189.patch
Rosen Penev 30758ee10e bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9469efbfa)
2018-08-30 13:16:16 +02:00

12 lines
468 B
Diff

diff -up ./bzip2recover.c.old ./bzip2recover.c
--- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100
+++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200
@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;