libarchive/libarchive-3.1.2-security-rhbz-1216891.patch

From df29aeb7db98d227aea966b18261e5c1d97d223a Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 29 Apr 2015 10:23:01 +0200
Subject: [PATCH] Upstream 3865cf2bc e6c9668f 24f5de65 --- From: Tim Kientzle
 <kientzle@acm.org> Date: Fri, 30 Jan 2015 23:54:19 -0800 Subject: [PATCH]
 Issue 394: Segfault when reading malformed     old-style cpio archives

Root cause here was an implicit cast that resulted in
reading very large file sizes as negative numbers.

---
From: Tim Kientzle <kientzle@acm.org>
Date: Fri, 30 Jan 2015 23:57:03 -0800
Subject: [PATCH] Add a check to archive_read_filter_consume to
    reject any attempts to move the file pointer by a negative
    amount.

Note:  Either this or commit 3865cf2 provides a fix for
Issue 394.

---
From: Tim Kientzle <kientzle@acm.org>
Date: Fri, 6 Feb 2015 22:07:16 -0800
Subject: [PATCH] Set a proper error message if we hit end-of-file
    when trying to read a cpio header.

Suggested by Issue #395, although the actual problem there
seems to have been the same as Issue #394.
---
 libarchive/archive_read.c                     |  2 ++
 libarchive/archive_read_support_format_cpio.c | 22 ++++++++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/libarchive/archive_read.c b/libarchive/archive_read.c
index 048c316..7f3edc1 100644
--- a/libarchive/archive_read.c
+++ b/libarchive/archive_read.c
@@ -1394,6 +1394,8 @@ __archive_read_filter_consume(struct archive_read_filter * filter,
 {
 	int64_t skipped;
 
+	if (request < 0)
+		return ARCHIVE_FATAL;
 	if (request == 0)
 		return 0;
 
diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
index 819f4a4..1dabc47 100644
--- a/libarchive/archive_read_support_format_cpio.c
+++ b/libarchive/archive_read_support_format_cpio.c
@@ -198,7 +198,7 @@ static int	archive_read_format_cpio_read_data(struct archive_read *,
 static int	archive_read_format_cpio_read_header(struct archive_read *,
 		    struct archive_entry *);
 static int	archive_read_format_cpio_skip(struct archive_read *);
-static int	be4(const unsigned char *);
+static int64_t	be4(const unsigned char *);
 static int	find_odc_header(struct archive_read *);
 static int	find_newc_header(struct archive_read *);
 static int	header_bin_be(struct archive_read *, struct cpio *,
@@ -213,7 +213,7 @@ static int	header_afiol(struct archive_read *, struct cpio *,
 		    struct archive_entry *, size_t *, size_t *);
 static int	is_octal(const char *, size_t);
 static int	is_hex(const char *, size_t);
-static int	le4(const unsigned char *);
+static int64_t	le4(const unsigned char *);
 static int	record_hardlink(struct archive_read *a,
 		    struct cpio *cpio, struct archive_entry *entry);
 
@@ -864,8 +864,11 @@ header_bin_le(struct archive_read *a, struct cpio *cpio,
 
 	/* Read fixed-size portion of header. */
 	h = __archive_read_ahead(a, bin_header_size, NULL);
-	if (h == NULL)
+	if (h == NULL) {
+	    archive_set_error(&a->archive, 0,
+		"End of file trying to read next cpio header");
 	    return (ARCHIVE_FATAL);
+	}
 
 	/* Parse out binary fields. */
 	header = (const unsigned char *)h;
@@ -900,8 +903,11 @@ header_bin_be(struct archive_read *a, struct cpio *cpio,
 
 	/* Read fixed-size portion of header. */
 	h = __archive_read_ahead(a, bin_header_size, NULL);
-	if (h == NULL)
+	if (h == NULL) {
+	    archive_set_error(&a->archive, 0,
+		"End of file trying to read next cpio header");
 	    return (ARCHIVE_FATAL);
+	}
 
 	/* Parse out binary fields. */
 	header = (const unsigned char *)h;
@@ -944,17 +950,17 @@ archive_read_format_cpio_cleanup(struct archive_read *a)
 	return (ARCHIVE_OK);
 }
 
-static int
+static int64_t
 le4(const unsigned char *p)
 {
-	return ((p[0]<<16) + (p[1]<<24) + (p[2]<<0) + (p[3]<<8));
+	return ((p[0] << 16) + (((int64_t)p[1]) << 24) + (p[2] << 0) + (p[3] << 8));
 }
 
 
-static int
+static int64_t
 be4(const unsigned char *p)
 {
-	return ((p[0]<<24) + (p[1]<<16) + (p[2]<<8) + (p[3]));
+	return ((((int64_t)p[0]) << 24) + (p[1] << 16) + (p[2] << 8) + (p[3]));
 }
 
 /*
-- 
2.1.0