Security fix CVE-2017-6419 is only for 0.99.3 beta
This commit is contained in:
parent
1d4f821e90
commit
8c0e645ad0
|
@ -1,58 +0,0 @@
|
||||||
From a83773682e856ad6529ba6db8d1792e6d515d7f1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mickey Sola <msola@sourcefire.com>
|
|
||||||
Date: Wed, 29 Mar 2017 14:55:26 -0400
|
|
||||||
Subject: [PATCH] fixing potential OOB window write when unpacking chm files
|
|
||||||
|
|
||||||
---
|
|
||||||
libclamav/libmspack-0.5alpha/mspack/lzxd.c | 11 +++++++++--
|
|
||||||
libclamav/libmspack.c | 6 +++++-
|
|
||||||
2 files changed, 14 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libclamav/libmspack-0.5alpha/mspack/lzxd.c b/libclamav/libmspack-0.5alpha/mspack/lzxd.c
|
|
||||||
index 2281e7b9d..45105a583 100644
|
|
||||||
--- a/libclamav/libmspack-0.5alpha/mspack/lzxd.c
|
|
||||||
+++ b/libclamav/libmspack-0.5alpha/mspack/lzxd.c
|
|
||||||
@@ -766,8 +766,13 @@ int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
|
|
||||||
case LZX_BLOCKTYPE_UNCOMPRESSED:
|
|
||||||
/* as this_run is limited not to wrap a frame, this also means it
|
|
||||||
* won't wrap the window (as the window is a multiple of 32k) */
|
|
||||||
+ if (window_posn + this_run > lzx->window_size) {
|
|
||||||
+ D(("match ran over window boundary"))
|
|
||||||
+ return lzx->error = MSPACK_ERR_DECRUNCH;
|
|
||||||
+ }
|
|
||||||
rundest = &window[window_posn];
|
|
||||||
window_posn += this_run;
|
|
||||||
+
|
|
||||||
while (this_run > 0) {
|
|
||||||
if ((i = i_end - i_ptr) == 0) {
|
|
||||||
READ_IF_NEEDED;
|
|
||||||
@@ -888,8 +893,10 @@ void lzxd_free(struct lzxd_stream *lzx) {
|
|
||||||
struct mspack_system *sys;
|
|
||||||
if (lzx) {
|
|
||||||
sys = lzx->sys;
|
|
||||||
- sys->free(lzx->inbuf);
|
|
||||||
- sys->free(lzx->window);
|
|
||||||
+ if(lzx->inbuf)
|
|
||||||
+ sys->free(lzx->inbuf);
|
|
||||||
+ if(lzx->window)
|
|
||||||
+ sys->free(lzx->window);
|
|
||||||
sys->free(lzx);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/libclamav/libmspack.c b/libclamav/libmspack.c
|
|
||||||
index d9b05ec25..22bc1a11e 100644
|
|
||||||
--- a/libclamav/libmspack.c
|
|
||||||
+++ b/libclamav/libmspack.c
|
|
||||||
@@ -264,7 +264,11 @@ static void *mspack_fmap_alloc(struct mspack_system *self, size_t num)
|
|
||||||
|
|
||||||
static void mspack_fmap_free(void *mem)
|
|
||||||
{
|
|
||||||
- free(mem);
|
|
||||||
+ if(mem) {
|
|
||||||
+ free(mem);
|
|
||||||
+ mem = NULL;
|
|
||||||
+ }
|
|
||||||
+ return;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void mspack_fmap_copy(void *src, void *dst, size_t num)
|
|
|
@ -128,7 +128,6 @@ Patch31: clamav-0.99.1-setsebool.patch
|
||||||
Patch32: fa15aa98c7d5e1d8fc22e818ebd089f2e53ebe1d.diff
|
Patch32: fa15aa98c7d5e1d8fc22e818ebd089f2e53ebe1d.diff
|
||||||
Patch33: clamav-0.99.2-temp-cleanup.patch
|
Patch33: clamav-0.99.2-temp-cleanup.patch
|
||||||
Patch34: dfc00cd3301a42b571454b51a6102eecf58407bc.patch
|
Patch34: dfc00cd3301a42b571454b51a6102eecf58407bc.patch
|
||||||
Patch35: a83773682e856ad6529ba6db8d1792e6d515d7f1.patch
|
|
||||||
Patch36: 586a5180287262070637c8943f2f7efd652e4a2c.patch
|
Patch36: 586a5180287262070637c8943f2f7efd652e4a2c.patch
|
||||||
|
|
||||||
|
|
||||||
|
@ -463,7 +462,6 @@ The systemd initscripts for clamav-scanner.
|
||||||
%apply -n32 -p1 -b .openssl_1.1.0
|
%apply -n32 -p1 -b .openssl_1.1.0
|
||||||
%apply -n33 -p1 -b .temp-cleanup
|
%apply -n33 -p1 -b .temp-cleanup
|
||||||
%apply -n34 -p1 -b .CVE-2017-6420
|
%apply -n34 -p1 -b .CVE-2017-6420
|
||||||
%apply -n35 -p1 -b .CVE-2017-6419
|
|
||||||
%apply -n36 -p1 -b .CVE-2017-6418
|
%apply -n36 -p1 -b .CVE-2017-6418
|
||||||
%{?apply_end}
|
%{?apply_end}
|
||||||
|
|
||||||
|
@ -943,8 +941,7 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Jan 11 2018 Sérgio Basto <sergio@serjux.com> - 0.99.2-17
|
* Thu Jan 11 2018 Sérgio Basto <sergio@serjux.com> - 0.99.2-17
|
||||||
- Security fixes CVE-2017-6420 (#1483910), CVE-2017-6419 (#1483909),
|
- Security fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908)
|
||||||
CVE-2017-6418 (#1483908)
|
|
||||||
|
|
||||||
* Tue Jan 09 2018 Sérgio Basto <sergio@serjux.com> - 0.99.2-16
|
* Tue Jan 09 2018 Sérgio Basto <sergio@serjux.com> - 0.99.2-16
|
||||||
- Make sure that Obsoletes sysv and upstart for Epel upgrade and update
|
- Make sure that Obsoletes sysv and upstart for Epel upgrade and update
|
||||||
|
|
Loading…
Reference in New Issue