diff options
author | Julian Andres Klode <julian.klode@canonical.com> | 2020-12-09 17:30:57 +0100 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2020-12-09 17:30:57 +0100 |
commit | d4bdd5faef84ef90966dd9dc9bbfc6243864747f (patch) | |
tree | 2b85bacae381c674077235d5dfde96e9cf55a1ed /apt-pkg/contrib/arfile.cc | |
parent | f9a621d335622a8909177f6d347e32e3876fde3f (diff) | |
parent | df81895bce764dd02fbb4d67b92d28a730b5281f (diff) |
Merge branch 'pu/cve-2020-27350'
Diffstat (limited to 'apt-pkg/contrib/arfile.cc')
-rw-r--r-- | apt-pkg/contrib/arfile.cc | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/apt-pkg/contrib/arfile.cc b/apt-pkg/contrib/arfile.cc index 5cb43c690..6d4a1f158 100644 --- a/apt-pkg/contrib/arfile.cc +++ b/apt-pkg/contrib/arfile.cc @@ -94,7 +94,12 @@ bool ARArchive::LoadHeaders() delete Memb; return _error->Error(_("Invalid archive member header")); } - + + if (Left < 0 || Memb->Size > static_cast<unsigned long long>(Left)) + { + delete Memb; + return _error->Error(_("Invalid archive member header")); + } // Check for an extra long name string if (memcmp(Head.Name,"#1/",3) == 0) { @@ -106,6 +111,13 @@ bool ARArchive::LoadHeaders() delete Memb; return _error->Error(_("Invalid archive member header")); } + + if (Len > Memb->Size) + { + delete Memb; + return _error->Error(_("Invalid archive member header")); + } + if (File.Read(S,Len) == false) { delete Memb; |