- fix CVE-2011-3378

Panu Matilainen 2011-10-04 10:43:59 +03:00
parent ec70a845a6
commit b678823ef3
2 changed files with 29 additions and 1 deletions


@ -0,0 +1,23 @@
diff --git a/lib/header.c b/lib/header.c
index 2d68854..536aa89 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -358,6 +358,9 @@ static int regionSwab(indexEntry entry, int il, int dl,
const unsigned char * dataEnd,
int regionid)
{
+ if ((entry != NULL && regionid >= 0) || (entry == NULL && regionid != 0))
+ return -1;
+
for (; il > 0; il--, pe++) {
struct indexEntry_s ie;
rpmTagType type;
@@ -822,7 +825,7 @@ Header headerLoad(void * uh)
{ int off = ntohl(pe->offset);
- if (hdrchkData(off))
+ if (hdrchkData(off) || hdrchkRange(dl, off))
goto errxit;
if (off) {
size_t nb = REGION_TAG_COUNT;
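Review bot: The added `hdrchkRange(dl, off)` test in headerLoad bounds only the start of the region trailer, while the following lines set `nb = REGION_TAG_COUNT`, which suggests that many bytes are then read at `off`. hdrchkRange is not defined on this page; if it accepts any offset up to and including `dl`, an offset inside the last `REGION_TAG_COUNT` bytes of the data area still passes and the read would run past the end of the data. Checking the end of the trailer as well would close that, e.g. `if (hdrchkData(off) || hdrchkRange(dl, off) || hdrchkRange(dl, off + REGION_TAG_COUNT))`. The regionSwab guard in the first hunk would also benefit from a one-line comment such as `/* a region entry carries a negative regionid; a pass without an entry must use regionid 0 */`. Both functions continue outside the hunks shown.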


@ -21,7 +21,7 @@
Summary: The RPM package management system
Name: rpm
Version: %{rpmver}
Release: 6%{?dist}
Release: 7%{?dist}
Group: System Environment/Base
Url: http://www.rpm.org/
Source0: http://rpm.org/releases/rpm-4.8.x/%{name}-%{srcver}.tar.bz2
@ -47,6 +47,7 @@ Patch202: rpm-4.8.0-findlang-localedirs.patch
Patch203: rpm-4.8.1-eat-stdin.patch
Patch204: rpm-4.8.1-getoutput-emsg.patch
Patch205: rpm-4.8.1-find-debuginfo-gdb-index.patch
Patch206: rpm-4.8.x-cve-2011-3378.patch
# These are not yet upstream
Patch301: rpm-4.6.0-niagara.patch
@ -202,6 +203,7 @@ packages on a system.
%patch203 -p1 -b .eat-stdin
%patch204 -p1 -b .getoutput-emsg
%patch205 -p1 -b .find-debuginfo-gdb-index
%patch206 -p1 -b .cve-2011-3378
%patch301 -p1 -b .niagara
%patch302 -p1 -b .geode
@ -419,6 +421,9 @@ exit 0
%doc COPYING doc/librpm/html/*
%changelog
* Tue Oct 04 2011 Panu Matilainen <pmatilai@redhat.com> - 4.8.1-7
- fix CVE-2011-3378
* Fri May 27 2011 Paul Whalen <paul.whalen@senecac.on.ca> - 4.8.1-6
- Added meego patch for ARM macros