Fix two Null Pointer Dereferences, thanks to NSFOCUS Security Team
parent
8aa842d2ec
commit
527ebaad94
|
@ -0,0 +1,14 @@
|
|||
diff --git a/CPP/7zip/Archive/LzhHandler.cpp b/CPP/7zip/Archive/LzhHandler.cpp
|
||||
index 21631f7..1f14621 100644
|
||||
--- a/CPP/7zip/Archive/LzhHandler.cpp
|
||||
+++ b/CPP/7zip/Archive/LzhHandler.cpp
|
||||
@@ -163,7 +163,8 @@ struct CItem
|
||||
return false;
|
||||
}
|
||||
const Byte *data = (const Byte *)(Extensions[index].Data);
|
||||
- value = GetUi32(data);
|
||||
+ if (!data) value = 0;
|
||||
+ else value = GetUi32(data);
|
||||
return true;
|
||||
}
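Review bot: When `data` is NULL the patched branch sets `value = 0` and still reaches `return true`, so the caller is told a valid 32-bit value was read from an extension record that had no payload. The lines just above already have a `return false` path, and handling the empty buffer the same way, with `if (!data) return false;` ahead of `value = GetUi32(data);`, would keep a malformed LZH header from being reported as a legitimate zero. The enclosing CItem method starts above the hunk, so it cannot be confirmed from here whether an earlier size check guarantees four readable bytes behind `data`; if it does not, the NULL test alone still leaves a short-buffer read possible.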
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
diff --git a/C/Alloc.c b/C/Alloc.c
|
||||
index 2706ec0..3178e7a 100644
|
||||
--- a/C/Alloc.c
|
||||
+++ b/C/Alloc.c
|
||||
@@ -58,12 +58,18 @@ void align_free(void * ptr)
|
||||
#else
|
||||
void *align_alloc(size_t size)
|
||||
{
|
||||
- return malloc(size);
|
||||
+ void * p = malloc(size);
|
||||
+ if(!p){
|
||||
+ printf("Out of memory: can't allocate %u bytes\n",size);
|
||||
+ abort();
|
||||
+ }
|
||||
+ return p;
|
||||
}
|
||||
|
||||
void align_free(void * ptr)
|
||||
{
|
||||
- free(ptr);
|
||||
+ if(!ptr) return;
|
||||
+ free(ptr);
|
||||
}
|
||||
|
||||
#endif
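Review bot: The diagnostic in align_alloc passes `size`, a `size_t`, to a `%u` conversion, which is a format/argument mismatch (undefined behaviour, and a truncated number on LP64 targets); `fprintf(stderr, "Out of memory: can't allocate %zu bytes\n", size);` fixes the specifier and keeps the message off stdout, which the tool can also use for extracted data. The hunk does not show `<stdio.h>` or `<stdlib.h>` being included for `printf`/`abort`, so confirm both are in scope in Alloc.c. The added `if(!ptr) return;` in align_free is redundant because `free(NULL)` is already a no-op. Only the `#else` branch is patched; the align_alloc variant above `#else` lies outside the hunk and may still return NULL to callers that do not check it.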
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
Summary: Very high compression ratio file archiver
|
||||
Name: p7zip
|
||||
Version: 16.02
|
||||
Release: 19%{?dist}
|
||||
Release: 20%{?dist}
|
||||
# Files under C/Compress/Lzma/ are dual LGPL or CPL
|
||||
License: LGPLv2 and (LGPLv2+ or CPL)
|
||||
URL: http://p7zip.sourceforge.net/
|
||||
|
@ -29,6 +29,8 @@ Patch7: 05-hardening-flags.patch
|
|||
Patch10: CVE-2017-17969.patch
|
||||
Patch11: 14-Fix-g++-warning.patch
|
||||
Patch12: gcc10-conversion.patch
|
||||
Patch13: 0001-fix-data-null-pointer.patch
|
||||
Patch14: 0001-fix-out-of-mem.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
|
@ -174,6 +176,9 @@ make test
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 22 2021 Sérgio Basto <sergio@serjux.com> - 16.02-20
|
||||
- Fix two Null Pointer Dereferences, thanks to NSFOCUS Security Team
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 16.02-19
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
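Review bot: Patch13 and Patch14 are declared in the patch list, but none of the visible hunks touches %prep, so it is not clear that the two fixes are actually applied at build time. If this spec applies patches with explicit per-patch lines rather than `%autosetup`/`%autopatch`, matching `%patch13 -p1` and `%patch14 -p1` entries are needed; otherwise release 20 would ship the changelog entry without the null-pointer fixes. This is worth confirming against the full spec, since %prep is outside the hunks shown.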
|
||||
|
||||
|
|