Security fix for CVE-2016-1925; from upstream git

2016-01-27 13:36:35 +00:00 · 2016-01-27 13:36:35 +00:00 · 627e22cd71
commit 627e22cd71
parent a524d64898
2 changed files with 64 additions and 1 deletions
--- a/archivers/lha/Makefile
+++ b/archivers/lha/Makefile
@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.32 2013/03/10 22:28:04 espie Exp $
+# $OpenBSD: Makefile,v 1.33 2016/01/27 13:36:35 jasper Exp $

 COMMENT=	archive files using LZW compression (.lzh files)

 DISTNAME=	lha-1.14i-ac20050924p1
 PKGNAME=	lha-1.14i.ac20050924.1
+REVISION=	0
 CATEGORIES=	archivers

 HOMEPAGE=       http://lha.sourceforge.jp/
--- a/archivers/lha/patches/patch-src_header_c
+++ b/archivers/lha/patches/patch-src_header_c
@ -0,0 +1,62 @@
+$OpenBSD: patch-src_header_c,v 1.3 2016/01/27 13:36:35 jasper Exp $
+
+Security fix for CVE-2016-1925
+http://seclists.org/oss-sec/2016/q1/132
+https://osdn.jp/projects/lha/scm/git/lha/commits/bf2471f
+
+--- src/header.c.orig	Wed Jan 27 14:31:45 2016
+++ src/header.c	Wed Jan 27 14:34:05 2016
+@@ -688,6 +688,7 @@ get_header_level0(fp, hdr, data)
+     char *data;
+ {
+     size_t header_size;
+    ssize_t remain_size;
+     ssize_t extend_size;
+     int checksum;
+     int name_length;
+@@ -697,9 +698,15 @@ get_header_level0(fp, hdr, data)
+     hdr->header_size = header_size = get_byte();
+     checksum = get_byte();
+ 
+-    if (fread(data + COMMON_HEADER_SIZE,
+-              header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
+-        error("Invalid header (LHarc file ?)");
+    /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
+       So we must read the remaining header size by the header_size. */
+    remain_size = header_size + 2 - COMMON_HEADER_SIZE;
+    if (remain_size <= 0) {
+      error("Invalid header size (LHarc file ?)");
+      return FALSE;
+    }
+    if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
+    	error("Invalid header (LHarc file ?)");
+         return FALSE;   /* finish */
+     }
+ 
+@@ -804,6 +811,7 @@ get_header_level1(fp, hdr, data)
+     char *data;
+ {
+     size_t header_size;
+    ssize_t remain_size;
+     ssize_t extend_size;
+     int checksum;
+     int name_length;
+@@ -813,9 +821,15 @@ get_header_level1(fp, hdr, data)
+     hdr->header_size = header_size = get_byte();
+     checksum = get_byte();
+ 
+-    if (fread(data + COMMON_HEADER_SIZE,
+-              header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
+-        error("Invalid header (LHarc file ?)");
+    /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
+       So we must read the remaining header size by the header_size. */
+    remain_size = header_size + 2 - COMMON_HEADER_SIZE;
+    if (remain_size <= 0) {
+        error("Invalid header size (LHarc file ?)");
+        return FALSE;
+    }
+    if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
+    	error("Invalid header (LHarc file ?)");
+         return FALSE;   /* finish */
+     }
+