Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 13 Dec 2018 11:15:14 +0000 (UTC)
From:      Martin Matuska <mm@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r342041 - vendor/libarchive/dist/libarchive
Message-ID:  <201812131115.wBDBFEtn024624@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: mm
Date: Thu Dec 13 11:15:14 2018
New Revision: 342041
URL: https://svnweb.freebsd.org/changeset/base/342041

Log:
  Update vendor/libarchive/dist to git cef97307a3f681fcbb2cc02db6df3619a3f8b69c
  
  Relevant vendor changes:
    PR #1105: Fix various crash, memory corruption and infinite loop conditions

Modified:
  vendor/libarchive/dist/libarchive/archive_acl.c
  vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c
  vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c

Modified: vendor/libarchive/dist/libarchive/archive_acl.c
==============================================================================
--- vendor/libarchive/dist/libarchive/archive_acl.c	Thu Dec 13 11:04:59 2018	(r342040)
+++ vendor/libarchive/dist/libarchive/archive_acl.c	Thu Dec 13 11:15:14 2018	(r342041)
@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const
 			st = field[n].start + 1;
 			len = field[n].end - field[n].start;
 
+			if (len == 0) {
+				ret = ARCHIVE_WARN;
+				continue;
+			}
+
 			switch (*s) {
 			case 'u':
 				if (len == 1 || (len == 4

Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c
==============================================================================
--- vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c	Thu Dec 13 11:04:59 2018	(r342040)
+++ vendor/libarchive/dist/libarchive/archive_read_support_format_rar.c	Thu Dec 13 11:15:14 2018	(r342041)
@@ -258,6 +258,7 @@ struct rar
   struct data_block_offsets *dbo;
   unsigned int cursor;
   unsigned int nodes;
+  char filename_must_match;
 
   /* LZSS members */
   struct huffman_code maincode;
@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_ent
     }
     return ret;
   }
+  else if (rar->filename_must_match)
+  {
+    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+      "Mismatch of file parts split across multi-volume archive");
+    return (ARCHIVE_FATAL);
+  }
 
   rar->filename_save = (char*)realloc(rar->filename_save,
                                       filename_size + 1);
@@ -2300,6 +2307,11 @@ parse_codes(struct archive_read *a)
       new_size = DICTIONARY_MAX_SIZE;
     else
       new_size = rar_fls((unsigned int)rar->unp_size) << 1;
+    if (new_size == 0) {
+      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+                        "Zero window size is invalid.");
+      return (ARCHIVE_FATAL);
+    }
     new_window = realloc(rar->lzss.window, new_size);
     if (new_window == NULL) {
       archive_set_error(&a->archive, ENOMEM,
@@ -2928,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssi
     else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
       rar->file_flags & FHD_SPLIT_AFTER)
     {
+      rar->filename_must_match = 1;
       ret = archive_read_format_rar_read_header(a, a->entry);
       if (ret == (ARCHIVE_EOF))
       {
         rar->has_endarc_header = 1;
         ret = archive_read_format_rar_read_header(a, a->entry);
       }
+      rar->filename_must_match = 0;
       if (ret != (ARCHIVE_OK))
         return NULL;
       return rar_read_ahead(a, min, avail);

Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c
==============================================================================
--- vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c	Thu Dec 13 11:04:59 2018	(r342040)
+++ vendor/libarchive/dist/libarchive/archive_read_support_format_warc.c	Thu Dec 13 11:15:14 2018	(r342041)
@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, s
 		return (ARCHIVE_EOF);
 	}
 
+	if (w->unconsumed) {
+		__archive_read_consume(a, w->unconsumed);
+		w->unconsumed = 0U;
+	}
+
 	rab = __archive_read_ahead(a, 1U, &nrd);
 	if (nrd < 0) {
 		*bsz = 0U;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201812131115.wBDBFEtn024624>