mirror of
https://github.com/openwrt/packages.git
synced 2025-12-21 19:14:30 +04:00
f9e7e2db94
This commit adds a valid git patch header for each patch, so that additional information can be stored. This is in this case and 'CVE:' tag. This can be used by CVE scanner to find out if the patch fixes a CVE. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
From eca24c7ddd296fe8dd112fd89fb288411e407379 Mon Sep 17 00:00:00 2001
|
|
From: OpenWrt community <openwrt-devel@lists.openwrt.org>
|
|
Date: Mon, 30 Oct 2023 14:46:57 +0100
|
|
Subject: [PATCH] fix: out-of-bounds read or write and crash
|
|
|
|
https://nvd.nist.gov/vuln/detail/CVE-2014-9636
|
|
|
|
CVE: CVE-2014-9636
|
|
---
|
|
extract.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/extract.c b/extract.c
|
|
index ec31e60..d816603 100644
|
|
--- a/extract.c
|
|
+++ b/extract.c
|
|
@@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
|
|
ulg eb_ucsize;
|
|
uch *eb_ucptr;
|
|
int r;
|
|
+ ush eb_compr_method;
|
|
|
|
if (compr_offset < 4) /* field is not compressed: */
|
|
return PK_OK; /* do nothing and signal OK */
|
|
@@ -2244,6 +2245,14 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
|
|
((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
|
|
return IZ_EF_TRUNC; /* no/bad compressed data! */
|
|
|
|
+ /* 2014-11-03 Michal Zalewski, SMS.
|
|
+ * For STORE method, compressed and uncompressed sizes must agree.
|
|
+ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
|
|
+ */
|
|
+ eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset));
|
|
+ if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize))
|
|
+ return PK_ERR;
|
|
+
|
|
if (
|
|
#ifdef INT_16BIT
|
|
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||
|
|
--
|
|
|