archive: fix incorrect bounds checking for memory allocation - apk-tools - Adélie Linux patches for Alpine Package Keeper (apk-tools)

diff options

author	Timo Teräs <timo.teras@iki.fi>	2017-06-21 15:12:02 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2017-06-23 09:59:55 +0300
commit	74484710d67a92d89dfc45e0d04c02b6ee9cb1ec (patch)
tree	9ea8ceb9f485b924f26495fb9a5eb1de49bdea2a /src/apk.c
parent	d5dad7b7eba2434342ef663e370c4499567c1b59 (diff)
download	apk-tools-74484710d67a92d89dfc45e0d04c02b6ee9cb1ec.tar.gz apk-tools-74484710d67a92d89dfc45e0d04c02b6ee9cb1ec.tar.bz2 apk-tools-74484710d67a92d89dfc45e0d04c02b6ee9cb1ec.tar.xz apk-tools-74484710d67a92d89dfc45e0d04c02b6ee9cb1ec.zip

archive: fix incorrect bounds checking for memory allocation

The value from tar header is unsigned int; keep it casted to unsigned int and size_t instead of (signed) int, otherwise the comparisons fail to do their job properly. Additionally check entry.size against SSIZE_MAX so the rounding up later on is guaranteed to not overflow. Fixes CVE-2017-9669 and CVE-2017-9671. Reported-by: Ariel Zelivansky from Twistlock (cherry picked from commit 286aa77ef1811e477895713df162c92b2ffc6df8)

Diffstat (limited to 'src/apk.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: