Репозитории ALT
Группа :: Архивирование/Сжатие
Пакет: unace
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: alt-fix-for-issue-in-CVE-2015-2063-fix.patch
Скачать
Скачать
From 3f3b4cfd5d6a9c8ab8ef56ecd7be520b21389202 Mon Sep 17 00:00:00 2001
From: Aleksei Nikiforov <darktemplar@altlinux.org>
Date: Mon, 2 Nov 2020 17:34:43 +0300
Subject: [PATCH] CVE-2015-2063 fix amend: ACE_ADDSIZE: don't increase required
buffer size since buffer pointer isn't changed
---
unace/unace.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/unace/unace.c b/unace/unace.c
index be4b714..c7c97cf 100644
--- a/unace/unace.c
+++ b/unace/unace.c
@@ -152,8 +152,7 @@ INT read_header(INT print_err) // reads any header from archive
if (head.HEAD_FLAGS & ACE_ADDSIZE)
{
- need_size += 4;
- if (need_size > head.HEAD_SIZE)
+ if (need_size + 4 > head.HEAD_SIZE)
return 0;
skipsize = head.ADDSIZE = BUF2LONG(tp); // get ADDSIZE
}
--
2.25.4