archivers/brotli, devel/libbrotli: fix buffer overflow

Obtained from: upstream Security: 1bcfd963-e483-41b8-ab8e-bad5c3ce49c9 MFH: 2016Q1
svn path=/head/; revision=410664
2016-03-08 21:15:16 +00:00 · 2016-03-08 21:15:16 +00:00 · ba1bc35848 · 2021-03-31 03:12:20 +00:00
commit ba1bc35848
parent 880b28051d
4 changed files with 53 additions and 2 deletions
--- a/archivers/brotli/Makefile
+++ b/archivers/brotli/Makefile
@ -4,6 +4,7 @@
 PORTNAME=	brotli
 PORTVERSION=	0.3.0
 DISTVERSIONPREFIX=	v
+PORTREVISION=	1
 CATEGORIES=	archivers

 MAINTAINER=	sunpoet@FreeBSD.org
--- a/archivers/brotli/files/patch-CVE-2016-1624
+++ b/archivers/brotli/files/patch-CVE-2016-1624
@ -0,0 +1,24 @@
+From 37a320dd81db8d546cd24a45b4c61d87b45dcade Mon Sep 17 00:00:00 2001
+From: eustas <eustas.ru@gmail.com>
+Date: Thu, 4 Feb 2016 15:35:44 +0100
+Subject: [PATCH] Fix possible pointer underflow
+
+---
+ dec/decode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dec/decode.c b/dec/decode.c
+index 920959c..892a254 100644
+--- dec/decode.c
+++ dec/decode.c
+@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
+   } else {
+     const uint8_t *ringbuffer_end_minus_copy_length =
+         s->ringbuffer_end - i;
+    /* Check for possible underflow and clamp the pointer to 0. */
+    if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
+      ringbuffer_end_minus_copy_length = 0;
+    }
+     uint8_t* copy_src = &s->ringbuffer[
+         (pos - s->distance_code) & s->ringbuffer_mask];
+     uint8_t* copy_dst = &s->ringbuffer[pos];
--- a/devel/libbrotli/Makefile
+++ b/devel/libbrotli/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	libbrotli
 PORTVERSION=	${BROTLI_VERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	devel archivers

 MAINTAINER=	osa@FreeBSD.org
@ -24,8 +24,10 @@ GNU_CONFIGURE=	yes
 MAKE_JOBS_UNSAFE=	yes
 USE_LDCONFIG=	yes

-pre-configure:
+post-extract:
 	${RMDIR} ${WRKSRC}/brotli && ${MV} ${WRKDIR}/brotli-${BROTLI_VERSION} ${WRKSRC}/brotli
+
+pre-configure:
 	cd ${WRKSRC} && ./autogen.sh

 .include <bsd.port.mk>
--- a/devel/libbrotli/files/patch-CVE-2016-1624
+++ b/devel/libbrotli/files/patch-CVE-2016-1624
@ -0,0 +1,24 @@
+From 37a320dd81db8d546cd24a45b4c61d87b45dcade Mon Sep 17 00:00:00 2001
+From: eustas <eustas.ru@gmail.com>
+Date: Thu, 4 Feb 2016 15:35:44 +0100
+Subject: [PATCH] Fix possible pointer underflow
+
+---
+ dec/decode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dec/decode.c b/dec/decode.c
+index 920959c..892a254 100644
+--- brotli/dec/decode.c
+++ brotli/dec/decode.c
+@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
+   } else {
+     const uint8_t *ringbuffer_end_minus_copy_length =
+         s->ringbuffer_end - i;
+    /* Check for possible underflow and clamp the pointer to 0. */
+    if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
+      ringbuffer_end_minus_copy_length = 0;
+    }
+     uint8_t* copy_src = &s->ringbuffer[
+         (pos - s->distance_code) & s->ringbuffer_mask];
+     uint8_t* copy_dst = &s->ringbuffer[pos];