Browse code
Fix CVE-2017-6419
Change-Id: I78c66e0e7d68144a0aac8e12b3315574321ea861
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5180
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
suezzelur authored on 2018/05/23 03:00:09Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,28 @@ |
| 0 |
+diff -rup libmspack-0.5alpha/mspack/lzxd.c libmspack-0.5alpha-new/mspack/lzxd.c |
|
| 1 |
+--- libmspack-0.5alpha/mspack/lzxd.c 2015-01-18 06:37:43.000000000 -0800 |
|
| 2 |
+@@ -766,6 +766,11 @@ int lzxd_decompress(struct lzxd_stream * |
|
| 3 |
+ case LZX_BLOCKTYPE_UNCOMPRESSED: |
|
| 4 |
+ /* as this_run is limited not to wrap a frame, this also means it |
|
| 5 |
+ * won't wrap the window (as the window is a multiple of 32k) */ |
|
| 6 |
++ if (window_posn + this_run > lzx->window_size) {
|
|
| 7 |
++ D(("match ran over window boundary"))
|
|
| 8 |
++ return lzx->error = MSPACK_ERR_DECRUNCH; |
|
| 9 |
++ } |
|
| 10 |
++ |
|
| 11 |
+ rundest = &window[window_posn]; |
|
| 12 |
+ window_posn += this_run; |
|
| 13 |
+ while (this_run > 0) {
|
|
| 14 |
+@@ -888,8 +893,10 @@ void lzxd_free(struct lzxd_stream *lzx) |
|
| 15 |
+ struct mspack_system *sys; |
|
| 16 |
+ if (lzx) {
|
|
| 17 |
+ sys = lzx->sys; |
|
| 18 |
+- sys->free(lzx->inbuf); |
|
| 19 |
+- sys->free(lzx->window); |
|
| 20 |
++ if(lzx->inbuf) |
|
| 21 |
++ sys->free(lzx->inbuf); |
|
| 22 |
++ if(lzx->window) |
|
| 23 |
++ sys->free(lzx->window); |
|
| 24 |
+ sys->free(lzx); |
|
| 25 |
+ } |
|
| 26 |
+ } |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: A library that provides compression and decompression of file formats used by Microsoft |
| 2 | 2 |
Name: libmspack |
| 3 | 3 |
Version: 0.5alpha |
| 4 |
-Release: 2%{?dist}
|
|
| 4 |
+Release: 3%{?dist}
|
|
| 5 | 5 |
License: LGPLv2+ |
| 6 | 6 |
URL: http://www.cabextract.org.uk/libmspack/libmspack-0.5alpha.tar.gz |
| 7 | 7 |
Group: Applications/System |
| ... | ... |
@@ -9,10 +9,12 @@ Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.cabextract.org.uk/libmspack/%{name}-%{version}.tar.gz
|
| 11 | 11 |
%define sha1 libmspack=226f19b1fc58e820671a1749983b06896e108cc4 |
| 12 |
+Patch0: CVE-2017-6419.patch |
|
| 12 | 13 |
%description |
| 13 | 14 |
A library that provides compression and decompression of file formats used by Microsoft |
| 14 | 15 |
%prep |
| 15 | 16 |
%setup -q |
| 17 |
+%patch0 -p1 |
|
| 16 | 18 |
%build |
| 17 | 19 |
./configure --prefix=/usr |
| 18 | 20 |
make %{?_smp_mflags}
|
| ... | ... |
@@ -29,9 +31,11 @@ make DESTDIR=%{buildroot} install
|
| 29 | 29 |
%{_libdir}/pkgconfig/*.pc
|
| 30 | 30 |
%{_includedir}/*
|
| 31 | 31 |
%changelog |
| 32 |
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 0.5alpha-2 |
|
| 33 |
-- GA - Bump release of all rpms |
|
| 34 |
-* Fri Jan 22 2016 Xiaolin Li <xiaolinl@vmware.com> 0.5-1 |
|
| 35 |
-- Updated to version 0.5 |
|
| 36 |
-* Thu Nov 06 2014 Sharath George <sharathg@vmware.com> 0.4-1 |
|
| 37 |
- Initial version |
|
| 32 |
+* Mon May 21 2018 Anish Swaminathan <anishs@vmware.com> 0.5alpha-3 |
|
| 33 |
+- Patch for CVE-2017-6419 |
|
| 34 |
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 0.5alpha-2 |
|
| 35 |
+- GA - Bump release of all rpms |
|
| 36 |
+* Fri Jan 22 2016 Xiaolin Li <xiaolinl@vmware.com> 0.5-1 |
|
| 37 |
+- Updated to version 0.5 |
|
| 38 |
+* Thu Nov 06 2014 Sharath George <sharathg@vmware.com> 0.4-1 |
|
| 39 |
+- Initial version |