Fix: out of bound write in bz2_decompress
Resolves: RHEL-65201
This commit is contained in:
Jakub Martisko
parent
a297cb1930
commit
a39f992cf5
32
bzip2-out_of_bounds.patch
Normal file
32
bzip2-out_of_bounds.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Mon Sep 17 00:00:00 2001
|
||||
From: Albert Astals Cid <aacid@kde.org>
|
||||
Date: Tue, 28 May 2019 19:35:18 +0200
|
||||
Subject: [PATCH] Make sure nSelectors is not out of range
|
||||
|
||||
nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
|
||||
which is
|
||||
UChar selectorMtf[BZ_MAX_SELECTORS];
|
||||
so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
|
||||
access
|
||||
|
||||
Fixes out of bounds access discovered while fuzzying karchive
|
||||
---
|
||||
decompress.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/decompress.c b/decompress.c
|
||||
index ab6a624..f3db91d 100644
|
||||
--- a/decompress.c
|
||||
+++ b/decompress.c
|
||||
@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
|
||||
GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
|
||||
if (nGroups < 2 || nGroups > BZ_N_GROUPS) RETURN(BZ_DATA_ERROR);
|
||||
GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
|
||||
- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
|
||||
+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
|
||||
for (i = 0; i < nSelectors; i++) {
|
||||
j = 0;
|
||||
while (True) {
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Summary: File compression utility
|
||||
Name: bzip2
|
||||
Version: 1.0.8
|
||||
Release: 22%{?dist}
|
||||
Release: 23%{?dist}
|
||||
License: BSD-4-Clause
|
||||
URL: https://sourceware.org/bzip2
|
||||
#Source0: http://www.bzip.org/%{version}/%{name}-%{version}.tar.gz
|
||||
@ -19,6 +19,7 @@ Patch0: bzip2-saneso.patch
|
||||
Patch1: bzip2-cflags.patch
|
||||
Patch2: bzip2-ldflags.patch
|
||||
Patch3: man_gzipdiff.patch
|
||||
Patch4: bzip2-out_of_bounds.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
@ -63,6 +64,7 @@ Static libraries for applications using the bzip2 compression format.
|
||||
%patch 1 -p1
|
||||
%patch 2 -p1
|
||||
%patch 3 -p2
|
||||
%patch 4 -p1
|
||||
|
||||
cp -a %{SOURCE1} .
|
||||
sed -i "s|^libdir=|libdir=%{_libdir}|" bzip2.pc
|
||||
@ -129,6 +131,10 @@ ln -s bzgrep.1 $RPM_BUILD_ROOT%{_mandir}/man1/bzfgrep.1
|
||||
%{_libdir}/pkgconfig/bzip2.pc
|
||||
|
||||
%changelog
|
||||
* Tue Dec 03 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-23
|
||||
- Fix out of bounds write in bz_decompress
|
||||
Resolves: CVE-2019-12900
|
||||
|
||||
* Tue Dec 03 2024 Jakub Martisko <jamartis@redhat.com> - 1.0.8-22
|
||||
- Minor spec cleanup
|
||||
- Add explicit requires for the bzip2 package
|
||||
|
||||
Loading…
Reference in New Issue
Block a user