Date:      Mon, 16 May 2016 04:47:32 +0000 (UTC)
From:      Martin Matuska <mm@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r299895 - in vendor/libarchive/dist: cpio libarchive
Message-ID:  <201605160447.u4G4lWhP029305@repo.freebsd.org>

Author: mm
Date: Mon May 16 04:47:32 2016
New Revision: 299895
URL: https://svnweb.freebsd.org/changeset/base/299895

Log:
  Update vendor/libarchive to git commit 860ec63
  Integrates my pull request #709

Modified:
  vendor/libarchive/dist/cpio/cpio.c
  vendor/libarchive/dist/libarchive/archive_read_support_format_cpio.c

Modified: vendor/libarchive/dist/cpio/cpio.c
==============================================================================
--- vendor/libarchive/dist/cpio/cpio.c	Mon May 16 04:43:47 2016	(r299894)
+++ vendor/libarchive/dist/cpio/cpio.c	Mon May 16 04:47:32 2016	(r299895)
@@ -295,6 +295,7 @@ main(int argc, char *argv[])
 				    "Cannot use both -p and -%c", cpio->mode);
 			cpio->mode = opt;
 			cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NODOTDOT;
+			cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
 			break;
 		case OPTION_PASSPHRASE:
 			cpio->passphrase = cpio->argument;
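
Review bot: the added `cpio->extract_flags &= ~ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;` switches off a second extraction safety check for this mode, and nothing in the hunk says why that is acceptable here. Please add a short comment above the two clears stating why neither the ".." check nor the absolute-path check is wanted in this mode (the error string a few lines up suggests it is -p), so that a later reader does not take it for an oversight. The two statements could also be folded into one, `cpio->extract_flags &= ~(ARCHIVE_EXTRACT_SECURE_NODOTDOT | ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS);`, which keeps the relaxed checks visible in a single place.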

Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_cpio.c
==============================================================================
--- vendor/libarchive/dist/libarchive/archive_read_support_format_cpio.c	Mon May 16 04:43:47 2016	(r299894)
+++ vendor/libarchive/dist/libarchive/archive_read_support_format_cpio.c	Mon May 16 04:47:32 2016	(r299895)
@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(str
 
 	/* If this is a symlink, read the link contents. */
 	if (archive_entry_filetype(entry) == AE_IFLNK) {
+		if (cpio->entry_bytes_remaining > 1024 * 1024) {
+			archive_set_error(&a->archive, ENOMEM,
+			    "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
+			return (ARCHIVE_FATAL);
+		}
 		h = __archive_read_ahead(a,
 			(size_t)cpio->entry_bytes_remaining, NULL);
 		if (h == NULL)
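
Review bot: the new check in the `AE_IFLNK` branch reports `ENOMEM`, but its message says the archive is malformed; nothing has failed to allocate at this point, so a file-format error code would describe the condition more accurately to callers that inspect the errno. The limit `1024 * 1024` is also a bare literal that the message text repeats as "1 megabyte"; a named constant with a one-line comment on why 1 MiB was chosen would keep the two from drifting apart. Finally, the test is an upper bound only, and the value is then cast with `(size_t)cpio->entry_bytes_remaining`; if that field is a signed type, a negative value would pass the check and become a very large read-ahead request, so it is worth confirming it cannot be negative here or rejecting that case in the same condition.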
