Merge branch 'pu/cve-2020-27350'

author: Julian Andres Klode <julian.klode@canonical.com> 2020-12-09 17:30:57 +0100
committer: Julian Andres Klode <julian.klode@canonical.com> 2020-12-09 17:30:57 +0100
commit: d4bdd5faef84ef90966dd9dc9bbfc6243864747f (patch)
tree: 2b85bacae381c674077235d5dfde96e9cf55a1ed /apt-pkg/contrib/arfile.cc
parent: f9a621d335622a8909177f6d347e32e3876fde3f (diff)
parent: df81895bce764dd02fbb4d67b92d28a730b5281f (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/apt-pkg/contrib/arfile.cc b/apt-pkg/contrib/arfile.cc
index 5cb43c690..6d4a1f158 100644
--- a/apt-pkg/contrib/arfile.cc
+++ b/apt-pkg/contrib/arfile.cc
@@ -94,7 +94,12 @@ bool ARArchive::LoadHeaders()
 	 delete Memb;
 	 return _error->Error(_("Invalid archive member header"));
       }
-	 
+
+      if (Left < 0 || Memb->Size > static_cast<unsigned long long>(Left))
+      {
+	 delete Memb;
+	 return _error->Error(_("Invalid archive member header"));
+      }
       // Check for an extra long name string
       if (memcmp(Head.Name,"#1/",3) == 0)
       {
@@ -106,6 +111,13 @@ bool ARArchive::LoadHeaders()
 	    delete Memb;
 	    return _error->Error(_("Invalid archive member header"));
 	 }
+
+	 if (Len > Memb->Size)
+	 {
+	    delete Memb;
+	    return _error->Error(_("Invalid archive member header"));
+	 }
+
 	 if (File.Read(S,Len) == false)
 	 {
 	    delete Memb;
author	Julian Andres Klode <julian.klode@canonical.com>	2020-12-09 17:30:57 +0100
committer	Julian Andres Klode <julian.klode@canonical.com>	2020-12-09 17:30:57 +0100
commit	d4bdd5faef84ef90966dd9dc9bbfc6243864747f (patch)
tree	2b85bacae381c674077235d5dfde96e9cf55a1ed /apt-pkg/contrib/arfile.cc
parent	f9a621d335622a8909177f6d347e32e3876fde3f (diff)
parent	df81895bce764dd02fbb4d67b92d28a730b5281f (diff)