Author: mm
Date: Thu Dec 13 11:15:14 2018
New Revision: 342041
URL: https://svnweb.freebsd.org/changeset/base/342041
Log:
Update vendor/libarchive/dist to git cef97307a3f681fcbb2cc02db6df3619a3f8b69c
Relevant vendor changes:
PR #1105: Fix various crash, memory corruption and infinite loop conditions
Modified:
vendor/libarchive/dist/libarchive/archive_acl.c
vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c
vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c
Modified: vendor/libarchive/dist/libarchive/archive_acl.c
==============================================================================
--- vendor/libarchive/dist/libarchive/archive_acl.c Thu Dec 13 11:04:59
2018 (r342040)
+++ vendor/libarchive/dist/libarchive/archive_acl.c Thu Dec 13 11:15:14
2018 (r342041)
@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const
st = field[n].start + 1;
len = field[n].end - field[n].start;
+ if (len == 0) {
+ ret = ARCHIVE_WARN;
+ continue;
+ }
+
switch (*s) {
case 'u':
if (len == 1 || (len == 4
Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c
==============================================================================
--- vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c Thu Dec
13 11:04:59 2018 (r342040)
+++ vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c Thu Dec
13 11:15:14 2018 (r342041)
@@ -258,6 +258,7 @@ struct rar
struct data_block_offsets *dbo;
unsigned int cursor;
unsigned int nodes;
+ char filename_must_match;
/* LZSS members */
struct huffman_code maincode;
@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_ent
}
return ret;
}
+ else if (rar->filename_must_match)
+ {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Mismatch of file parts split across multi-volume archive");
+ return (ARCHIVE_FATAL);
+ }
rar->filename_save = (char*)realloc(rar->filename_save,
filename_size + 1);
@@ -2300,6 +2307,11 @@ parse_codes(struct archive_read *a)
new_size = DICTIONARY_MAX_SIZE;
else
new_size = rar_fls((unsigned int)rar->unp_size) << 1;
+ if (new_size == 0) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Zero window size is invalid.");
+ return (ARCHIVE_FATAL);
+ }
new_window = realloc(rar->lzss.window, new_size);
if (new_window == NULL) {
archive_set_error(&a->archive, ENOMEM,
@@ -2928,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssi
else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
rar->file_flags & FHD_SPLIT_AFTER)
{
+ rar->filename_must_match = 1;
ret = archive_read_format_rar_read_header(a, a->entry);
if (ret == (ARCHIVE_EOF))
{
rar->has_endarc_header = 1;
ret = archive_read_format_rar_read_header(a, a->entry);
}
+ rar->filename_must_match = 0;
if (ret != (ARCHIVE_OK))
return NULL;
return rar_read_ahead(a, min, avail);
Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c
==============================================================================
--- vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c
Thu Dec 13 11:04:59 2018 (r342040)
+++ vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c
Thu Dec 13 11:15:14 2018 (r342041)
@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, s
return (ARCHIVE_EOF);
}
+ if (w->unconsumed) {
+ __archive_read_consume(a, w->unconsumed);
+ w->unconsumed = 0U;
+ }
+
rab = __archive_read_ahead(a, 1U, &nrd);
if (nrd < 0) {
*bsz = 0U;
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
