diff options
Diffstat (limited to 'pkgs/development/libraries/libarchive/CVE-2013-0211.patch')
| -rw-r--r-- | pkgs/development/libraries/libarchive/CVE-2013-0211.patch | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/pkgs/development/libraries/libarchive/CVE-2013-0211.patch b/pkgs/development/libraries/libarchive/CVE-2013-0211.patch deleted file mode 100644 index 5b1a9831063..00000000000 --- a/pkgs/development/libraries/libarchive/CVE-2013-0211.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <kientzle@acm.org> -Date: Fri, 22 Mar 2013 23:48:41 -0700 -Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a - certain common programming error (passing -1 to write) from leading to other - problems deeper in the library. - ---- - libarchive/archive_write.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c -index eede5e0..be85621 100644 ---- a/libarchive/archive_write.c -+++ b/libarchive/archive_write.c -@@ -673,8 +673,13 @@ static ssize_t - _archive_write_data(struct archive *_a, const void *buff, size_t s) - { - struct archive_write *a = (struct archive_write *)_a; -+ const size_t max_write = INT_MAX; -+ - archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, - ARCHIVE_STATE_DATA, "archive_write_data"); -+ /* In particular, this catches attempts to pass negative values. */ -+ if (s > max_write) -+ s = max_write; - archive_clear_error(&a->archive); - return ((a->format_write_data)(a, buff, s)); - } - |