From 94871950f0ccca43a98fe9209c03a175c133a95b Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Fri, 21 Jun 2019 14:10:19 -0400
Subject: system/sharutils: patch for CVE-2018-1000097

---
 system/sharutils/CVE-2018-1000097.patch | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 system/sharutils/CVE-2018-1000097.patch

(limited to 'system/sharutils/CVE-2018-1000097.patch')

diff --git a/system/sharutils/CVE-2018-1000097.patch b/system/sharutils/CVE-2018-1000097.patch
new file mode 100644
index 000000000..f61662040
--- /dev/null
+++ b/system/sharutils/CVE-2018-1000097.patch
@@ -0,0 +1,16 @@
+From: Petr Pisar
+Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
+Bug-Debian: https://bugs.debian.org/893525
+X-Debian-version: 1:4.15.2-3
+
+--- a/src/unshar.c
++++ b/src/unshar.c
+@@ -240,7 +240,7 @@
+       off_t position = ftello (file);
+ 
+       /* Read next line, fail if no more and no previous process.  */
+-      if (!fgets (rw_buffer, BUFSIZ, file))
++      if (!fgets (rw_buffer, rw_base_size, file))
+ 	{
+ 	  if (!start)
+ 	    error (0, 0, _("Found no shell commands in %s"), name);
-- 
cgit v1.2.3-70-g09d2