rpms/libarchive
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix OOB in rar e8 filter (CVE-2024-26256)

Browse Source 
Resolves: RHEL-37925
This commit is contained in:
Lukas Javorsky 2024-05-28 08:27:08 +00:00
parent 35a4bbbda5
commit d4bf4758cd
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
0003-fix-OOB-in-rar-e8-filter.patch Normal file
View File

@ -0,0 +1,25 @@
From 2910a5736c3f238d2cde6cc757b01868d877ebcb Mon Sep 17 00:00:00 2001
From: Wei-Cheng Pan <legnaleurc@gmail.com>
Date: Sun, 21 Apr 2024 19:11:42 +0900
Subject: [PATCH] fix: OOB in rar e8 filter
---
libarchive/archive_read_support_format_rar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 99a11d17..266d0ee9 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3615,7 +3615,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz
uint32_t filesize = 0x1000000;
uint32_t i;
- if (length > PROGRAM_WORK_SIZE || length < 4)
+ if (length > PROGRAM_WORK_SIZE || length <= 4)
return 0;
for (i = 0; i <= length - 5; i++)
--
2.45.1

9
libarchive.spec
View File

@ -2,7 +2,7 @@
Name: libarchive Name: libarchive
Version: 3.7.2 Version: 3.7.2
Release: 4%{?dist} Release: 5%{?dist}
Summary: A library for handling streaming archive formats Summary: A library for handling streaming archive formats
# Licenses: # Licenses:
@ -48,6 +48,10 @@ Patch0001: 0001-Drop-rmd160-from-OpenSSL.patch
# Fixes the broken 32-bit builds (i686 arch) due to "Allocation error : not enough memory" # Fixes the broken 32-bit builds (i686 arch) due to "Allocation error : not enough memory"
Patch0002: 0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch Patch0002: 0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch
# Upstream patch: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237
# Fixes Heap based buffer overflow in rar e8 filter (CVE-2024-26256)
Patch0003: 0003-fix-OOB-in-rar-e8-filter.patch
%description %description
Libarchive is a programming library that can create and read several different Libarchive is a programming library that can create and read several different
streaming archive formats, including most popular tar variants, several cpio streaming archive formats, including most popular tar variants, several cpio
@ -245,6 +249,9 @@ run_testsuite
%changelog %changelog
* Mon May 27 2024 Lukas Javorsky <ljavorsk@redhat.com> - 3.7.2-5
- Fix for CVE-2024-26256
* Tue May 14 2024 Lukas Javorsky <ljavorsk@redhat.com> - 3.7.2-4 * Tue May 14 2024 Lukas Javorsky <ljavorsk@redhat.com> - 3.7.2-4
- Add forgotten licenses and migrate them to SPDX format - Add forgotten licenses and migrate them to SPDX format