summaryrefslogtreecommitdiff
path: root/system/sharutils/CVE-2018-1000097.patch
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2019-06-21 14:10:19 -0400
committerMax Rees <maxcrees@me.com>2019-06-21 14:10:19 -0400
commit94871950f0ccca43a98fe9209c03a175c133a95b (patch)
treeb8fdecd2472dad8edf17021ff9d2d606d40f7a4b /system/sharutils/CVE-2018-1000097.patch
parent1320a328ef2ea539881f6d14c79ca17ef3024f2d (diff)
downloadpackages-94871950f0ccca43a98fe9209c03a175c133a95b.tar.gz
packages-94871950f0ccca43a98fe9209c03a175c133a95b.tar.bz2
packages-94871950f0ccca43a98fe9209c03a175c133a95b.tar.xz
packages-94871950f0ccca43a98fe9209c03a175c133a95b.zip
system/sharutils: patch for CVE-2018-1000097
Diffstat (limited to 'system/sharutils/CVE-2018-1000097.patch')
-rw-r--r--system/sharutils/CVE-2018-1000097.patch16
1 files changed, 16 insertions, 0 deletions
diff --git a/system/sharutils/CVE-2018-1000097.patch b/system/sharutils/CVE-2018-1000097.patch
new file mode 100644
index 000000000..f61662040
--- /dev/null
+++ b/system/sharutils/CVE-2018-1000097.patch
@@ -0,0 +1,16 @@
+From: Petr Pisar
+Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
+Bug-Debian: https://bugs.debian.org/893525
+X-Debian-version: 1:4.15.2-3
+
+--- a/src/unshar.c
++++ b/src/unshar.c
+@@ -240,7 +240,7 @@
+ off_t position = ftello (file);
+
+ /* Read next line, fail if no more and no previous process. */
+- if (!fgets (rw_buffer, BUFSIZ, file))
++ if (!fgets (rw_buffer, rw_base_size, file))
+ {
+ if (!start)
+ error (0, 0, _("Found no shell commands in %s"), name);