archivers/brotli, devel/libbrotli: fix buffer overflow
Obtained from: upstream Security: 1bcfd963-e483-41b8-ab8e-bad5c3ce49c9 MFH: 2016Q1
parent
880b28051d
commit
ba1bc35848
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=410664
@ -4,6 +4,7 @@
|
||||
PORTNAME= brotli
|
||||
PORTVERSION= 0.3.0
|
||||
DISTVERSIONPREFIX= v
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= archivers
|
||||
|
||||
MAINTAINER= sunpoet@FreeBSD.org
|
||||
|
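--- a/archivers/brotli/files/patch-CVE-2016-1624
+++ b/archivers/brotli/files/patch-CVE-2016-1624
@@ -0,0 +1,24 @@
+From 37a320dd81db8d546cd24a45b4c61d87b45dcade Mon Sep 17 00:00:00 2001
+From: eustas <eustas.ru@gmail.com>
+Date: Thu, 4 Feb 2016 15:35:44 +0100
+Subject: [PATCH] Fix possible pointer underflow
+
+---
+dec/decode.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/dec/decode.c b/dec/decode.c
+index 920959c..892a254 100644
+--- dec/decode.c
++++ dec/decode.c
+@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
+} else {
+const uint8_t *ringbuffer_end_minus_copy_length =
+s->ringbuffer_end - i;
++ /* Check for possible underflow and clamp the pointer to 0. */
++ if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++ ringbuffer_end_minus_copy_length = 0;
++ }
+uint8_t* copy_src = &s->ringbuffer[
+(pos - s->distance_code) & s->ringbuffer_mask];
+uint8_t* copy_dst = &s->ringbuffer[pos];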
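Review bot: The added guard `s->ringbuffer_end < (const uint8_t*)0 + i` relies on arithmetic from a null pointer, and it runs only after `s->ringbuffer_end - i` has already been evaluated on the context line above it, so in the underflow case both expressions are undefined behaviour in C and an optimising compiler may drop the check. Deciding before the subtraction and comparing as integers avoids that, for example `const uint8_t *ringbuffer_end_minus_copy_length = PREDICT_FALSE((uintptr_t)s->ringbuffer_end < (uintptr_t)i) ? 0 : s->ringbuffer_end - i;`; the type of `i` is not visible in the hunk, so the cast is an assumption to confirm. The clamp to 0 leaves a null sentinel whose later use lies outside the hunk, since ProcessCommandsInternal continues past it, and the comment could say how the following comparison treats that value. The same hunk is carried unchanged in devel/libbrotli/files/patch-CVE-2016-1624, so the point applies there as well.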
@ -3,7 +3,7 @@
|
||||
|
||||
PORTNAME= libbrotli
|
||||
PORTVERSION= ${BROTLI_VERSION}
|
||||
PORTREVISION= 2
|
||||
PORTREVISION= 3
|
||||
CATEGORIES= devel archivers
|
||||
|
||||
MAINTAINER= osa@FreeBSD.org
|
||||
@ -24,8 +24,10 @@ GNU_CONFIGURE= yes
|
||||
MAKE_JOBS_UNSAFE= yes
|
||||
USE_LDCONFIG= yes
|
||||
|
||||
pre-configure:
|
||||
post-extract:
|
||||
${RMDIR} ${WRKSRC}/brotli && ${MV} ${WRKDIR}/brotli-${BROTLI_VERSION} ${WRKSRC}/brotli
|
||||
|
||||
pre-configure:
|
||||
cd ${WRKSRC} && ./autogen.sh
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
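Review bot: The relocation of the `${RMDIR} ${WRKSRC}/brotli && ${MV} ...` step from `pre-configure` to `post-extract` carries no comment saying why. As far as the rendered hunk shows, the move is what lets the new files/patch-CVE-2016-1624, whose paths begin with `brotli/dec/decode.c`, find its target during the patch phase. A line such as `# Move the bundled brotli sources into place before the patch phase so files/patch-* can apply under brotli/` above `post-extract:` would keep a later cleanup from moving the step back. The added and removed sides here are inferred from the hunk counts, because the page has lost its +/- markers.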
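--- a/devel/libbrotli/files/patch-CVE-2016-1624
+++ b/devel/libbrotli/files/patch-CVE-2016-1624
@@ -0,0 +1,24 @@
+From 37a320dd81db8d546cd24a45b4c61d87b45dcade Mon Sep 17 00:00:00 2001
+From: eustas <eustas.ru@gmail.com>
+Date: Thu, 4 Feb 2016 15:35:44 +0100
+Subject: [PATCH] Fix possible pointer underflow
+
+---
+dec/decode.c | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/dec/decode.c b/dec/decode.c
+index 920959c..892a254 100644
+--- brotli/dec/decode.c
++++ brotli/dec/decode.c
+@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
+} else {
+const uint8_t *ringbuffer_end_minus_copy_length =
+s->ringbuffer_end - i;
++ /* Check for possible underflow and clamp the pointer to 0. */
++ if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++ ringbuffer_end_minus_copy_length = 0;
++ }
+uint8_t* copy_src = &s->ringbuffer[
+(pos - s->distance_code) & s->ringbuffer_mask];
+uint8_t* copy_dst = &s->ringbuffer[pos];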