From fdfe95197d9ff9721d59ac7d9ace64b98c5976d4 Mon Sep 17 00:00:00 2001
From: tong_1001
Date: Sat, 19 Jun 2021 09:16:08 +0800
Subject: [PATCH] fix CVE-2021-3520
---
backport-CVE-2021-3520.patch | 22 ++++++++++++++++++++++
lz4.spec | 8 ++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
create mode 100644 backport-CVE-2021-3520.patch
diff --git a/backport-CVE-2021-3520.patch b/backport-CVE-2021-3520.patch
new file mode 100644
index 0000000..053958d
--- /dev/null
+++ b/backport-CVE-2021-3520.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01d..c2f504ef3 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+ const size_t dictSize /* note : = 0 if noDict */
+ )
+ {
+- if (src == NULL) { return -1; }
++ if ((src == NULL) || (outputSize < 0)) { return -1; }
+
+ { const BYTE* ip = (const BYTE*) src;
+ const BYTE* const iend = ip + srcSize;
diff --git a/lz4.spec b/lz4.spec
index c868206..986b704 100644
--- a/lz4.spec
+++ b/lz4.spec
@@ -1,12 +1,13 @@ Name: lz4 Version: 1.9.3 -Release: 1 +Release: 2 Summary: Extremely fast compression algorithm License: GPLv2+ and BSD URL: https://lz4.github.io/lz4/ Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz -Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch +Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch +Patch6001: backport-CVE-2021-3520.patch Provides: %{name}-libs = %{version}-%{release} Obsoletes: %{name} < 1.7.5-3 
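Review bot: The guard added in the backported lib/lz4.c hunk rejects a negative `outputSize`, but `srcSize` is used two lines later in `iend = ip + srcSize` with no sign check in the visible lines. Its declaration is outside the hunk; if it is a signed int like `outputSize` and the callers do not already reject negative values, the same kind of out-of-range pointer arithmetic remains, and `if ((src == NULL) || (outputSize < 0) || (srcSize < 0)) { return -1; }` would cover it. That is worth confirming against upstream before carrying it as a local change. The check also deserves a one-line comment such as `/* outputSize is signed; per the upstream commit a negative value can end up as a memmove() size */`, since the reason is recorded only in the commit subject. LZ4_decompress_generic starts and ends outside the hunk.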
@@ -68,6 +69,9 @@ export MOREFLAGS="-g" %{_mandir}/man1/unlz4.1* %changelog +* Sat Jun 19 2021 shixuantong - 1.9.3-2 +- fix CVE-2021-3520 + * Thu Jan 28 2021 liudabo - 1.9.3-1 - upgrade version to 1.9.3 -- Gitee