Fix for CVE-2015-4645/4646

Bruno Wolff III 2015-06-23 18:12:25 -05:00
parent 12f3ad490e
commit e68da29cac
2 changed files with 39 additions and 2 deletions

29
cve-2015-4645.patch Normal file

@ -0,0 +1,29 @@
diff --git a/unsquash-4.c b/unsquash-4.c
index ecdaac796f09..2c0cf63daf67 100644
--- a/unsquash-4.c
+++ b/unsquash-4.c
@@ -31,9 +31,9 @@ static unsigned int *id_table;
int read_fragment_table_4(long long *directory_table_end)
{
int res, i;
- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
- long long fragment_table_index[indexes];
+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+ long long *fragment_table_index;
TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
"from 0x%llx\n", sBlk.s.fragments, indexes,
@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
return TRUE;
}
+ fragment_table_index = malloc(indexes*sizeof(long long));
+ if(fragment_table_index == NULL)
+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
+ "fragment table index\n");
+
fragment_table = malloc(bytes);
if(fragment_table == NULL)
EXIT_UNSQUASH("read_fragment_table: failed to allocate "
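Review bot: The TRACE call kept as context after the new declarations still formats `indexes` with `%d`, but the patch changes `indexes` to `size_t`, so the argument no longer matches its conversion when tracing is compiled in; the second conversion should become `%zu`. The added `fragment_table_index = malloc(indexes*sizeof(long long));` also has no matching `free(fragment_table_index);` in the lines shown, and since read_fragment_table_4 continues beyond both hunks, every return path after the allocation should be checked for one. Moving the index array to the heap removes the variable-length stack array, but its size is still derived directly from `sBlk.s.fragments`, so a sanity bound on the fragment count before allocating would be a useful follow-up.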


@ -1,7 +1,7 @@
Summary: Utility for the creation of squashfs filesystems Summary: Utility for the creation of squashfs filesystems
Name: squashfs-tools Name: squashfs-tools
Version: 4.3 Version: 4.3
Release: 9%{?dist} Release: 10%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
URL: http://squashfs.sourceforge.net/ URL: http://squashfs.sourceforge.net/
@ -18,7 +18,11 @@ Patch0: PAE.patch
Patch1: mem-overflow.patch Patch1: mem-overflow.patch
# From squashfs-devel@lists.sourceforge.net by Guan Xin <guanx.bac@gmail.com> # From squashfs-devel@lists.sourceforge.net by Guan Xin <guanx.bac@gmail.com>
# For https://bugzilla.redhat.com/show_bug.cgi?id=1141206 # For https://bugzilla.redhat.com/show_bug.cgi?id=1141206
PAtch2: 2gb.patch Patch2: 2gb.patch
# From https://github.com/gcanalesb/sasquatch/commit/6777e08cc38bc780d27c69c1d8c272867b74524f
# Which is forked from Phillip's squashfs-tools, though it looks like
# the issue applies to us.
Patch3: cve-2015-4645.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: xz-devel BuildRequires: xz-devel
@ -35,6 +39,7 @@ contains the utilities for manipulating squashfs filesystems.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p0 %patch2 -p0
%patch3 -p1
%build %build
pushd squashfs-tools pushd squashfs-tools
@ -61,6 +66,9 @@ rm -rf %{buildroot}
%{_sbindir}/unsquashfs %{_sbindir}/unsquashfs
%changelog %changelog
* Tue Jun 23 2015 Bruno Wolff III <bruno@wolff.to> - 4.3-10
- Fix for CVE 2015-4645/4646
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-9 * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
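Review bot: `%patch3 -p1` may not match the paths inside cve-2015-4645.patch: that patch names `a/unsquash-4.c`, which `-p1` reduces to `unsquash-4.c` at the top of the unpacked tree, while `%build` does `pushd squashfs-tools`, which suggests the sources sit one directory down. If that is the layout, the patch paths need to read `a/squashfs-tools/unsquash-4.c`, otherwise `%prep` fails before anything is built; the `%setup` line is outside the lines shown, so confirm with a local `rpmbuild -bp`. The comment above `Patch3:` records where the patch came from but not what it fixes; a line such as `# Fix for CVE-2015-4645/4646 in read_fragment_table_4` would make the security purpose visible in the spec itself.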