From b96cc284954fc923cb7115acf5d19b92fa2b76a5 Mon Sep 17 00:00:00 2001 From: compile_success <980965867@qq.com> Date: Fri, 21 Aug 2020 21:20:10 +0800 Subject: [PATCH] Avoid stack overflow in read_data_compressed --- libarchive-3.4.3-avoid-stack-overflow.patch | 65 +++++++++++++++++++++ libarchive.spec | 9 ++- 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 libarchive-3.4.3-avoid-stack-overflow.patch diff --git a/libarchive-3.4.3-avoid-stack-overflow.patch b/libarchive-3.4.3-avoid-stack-overflow.patch new file mode 100644 index 0000000..db20439 --- /dev/null +++ b/libarchive-3.4.3-avoid-stack-overflow.patch @@ -0,0 +1,65 @@ +From 4e575be32d0d128fa046ca74353d1ac880436948 Mon Sep 17 00:00:00 2001 +From: lutianxiong +Date: Thu, 20 Aug 2020 19:09:03 +0800 +Subject: [PATCH] Add a loop checker in read_data_compressed to avoid stack + overflow. + +Signed-off-by: lutianxiong +--- + libarchive/archive_read_support_format_rar.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index 98efbb1a6..283a96044 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -151,6 +151,9 @@ + #undef minimum + #define minimum(a, b) ((a)<(b)?(a):(b)) + ++/* Stack overflow check */ ++#define MAX_COMPRESS_DEPTH 1024 ++ + /* Fields common to all headers */ + struct rar_header + { +@@ -340,7 +343,7 @@ static int read_symlink_stored(struct archive_read *, struct archive_entry *, + static int read_data_stored(struct archive_read *, const void **, size_t *, + int64_t *); + static int read_data_compressed(struct archive_read *, const void **, size_t *, +- int64_t *); ++ int64_t *, size_t); + static int rar_br_preparation(struct archive_read *, struct rar_br *); + static int parse_codes(struct archive_read *); + static void free_codes(struct archive_read *); +@@ -1026,7 +1029,7 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff, + case COMPRESS_METHOD_NORMAL: + case COMPRESS_METHOD_GOOD: + case COMPRESS_METHOD_BEST: +- ret = read_data_compressed(a, buff, size, offset); ++ ret = read_data_compressed(a, buff, size, offset, 0); + if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) { + __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); + rar->start_new_table = 1; +@@ -1883,8 +1886,11 @@ read_data_stored(struct archive_read *a, const void **buff, size_t *size, + + static int + read_data_compressed(struct archive_read *a, const void **buff, size_t *size, +- int64_t *offset) ++ int64_t *offset, size_t looper) + { ++ if (looper++ > MAX_COMPRESS_DEPTH) ++ return (ARCHIVE_FATAL); ++ + struct rar *rar; + int64_t start, end, actualend; + size_t bs; +@@ -1982,7 +1988,7 @@ read_data_compressed(struct archive_read *a, const void **buff, size_t *size, + { + case 0: + rar->start_new_table = 1; +- return read_data_compressed(a, buff, size, offset); ++ return read_data_compressed(a, buff, size, offset, looper); + + case 2: + rar->ppmd_eod = 1;/* End Of ppmd Data. */ diff --git a/libarchive.spec b/libarchive.spec index 80776b7..c472ec7 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -2,7 +2,7 @@ Name: libarchive Version: 3.4.3 -Release: 1 +Release: 2 Summary: Multi-format archive and compression library License: BSD @@ -18,6 +18,7 @@ Obsoletes: bsdtar bsdcpio bsdcat Patch6001: libarchive-uninitialized-value.patch Patch6002: libarchive-3.4.3-lchmod-support-check.patch +Patch6003: libarchive-3.4.3-avoid-stack-overflow.patch %description %{name} is an open-source BSD-licensed C programming library that @@ -148,6 +149,12 @@ run_testsuite %{_mandir}/man5/* %changelog +* Fri Aug 21 2020 yanan - 3.4.3-2 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Avoid stack overflow in read_data_compressed + * Tue Aug 18 2020 jinzhimin - 3.4.3-1 - Type:enhancement - ID:NA -- Gitee