[Pkg-clamav-devel] Bug#848926: jessie-pu: package libclamunrar/0.99-0+deb8u2
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Tue Dec 20 21:17:28 UTC 2016
Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: jessie
Severity: normal
This update contains four patches which I noticed in upstream's git.
They appeared in July and the last fix (for a fix) was done last week. I
have no idea when 0.99.3 will appear, and the changes in the debdiff are
the only functional changes in libclamunrar* since 0.99.
The fixes look like bugs found by afl (or other fuzzer) while throwing
.rar files at clamav.
Sebastian
-------------- next part --------------
diff -Nru libclamunrar-0.99/debian/changelog libclamunrar-0.99/debian/changelog
--- libclamunrar-0.99/debian/changelog 2016-02-03 22:10:12.000000000 +0100
+++ libclamunrar-0.99/debian/changelog 2016-12-16 21:38:26.000000000 +0100
@@ -1,3 +1,10 @@
+libclamunrar (0.99-0+deb8u2) stable; urgency=medium
+
+ * Add patches from upstream bugzilla bb11600 and bb11601 to fix out of band
+ access.
+
+ -- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Fri, 16 Dec 2016 21:38:26 +0100
+
libclamunrar (0.99-0+deb8u1) stable; urgency=medium
[ Scott Kitterman ]
@@ -10,7 +17,7 @@
* switch from libclamunrar6 to libclamunrar7
* copy clamav's watch file
* add pkg-config to dependencies so autoreconf does not break
- * don't links against libpcre if available.
+ * don't link against libpcre if available.
-- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Wed, 03 Feb 2016 21:52:51 +0100
diff -Nru libclamunrar-0.99/debian/.git-dpm libclamunrar-0.99/debian/.git-dpm
--- libclamunrar-0.99/debian/.git-dpm 2016-02-03 22:09:03.000000000 +0100
+++ libclamunrar-0.99/debian/.git-dpm 2016-12-16 21:38:26.000000000 +0100
@@ -1,8 +1,8 @@
# see git-dpm(1) from git-dpm package
-1256542cf41587e62a048e687097f23cef1511f0
-1256542cf41587e62a048e687097f23cef1511f0
-1256542cf41587e62a048e687097f23cef1511f0
-1256542cf41587e62a048e687097f23cef1511f0
-libclamunrar_0.98.5.orig.tar.xz
-6d4a3441e142002ffdaa76ad313bc018985e1999
-304828
+e677e64787390c59bdb925be08113ebf47aed869
+e677e64787390c59bdb925be08113ebf47aed869
+87f93791ab6959fd522bdf0b1211ff0480cff4c7
+87f93791ab6959fd522bdf0b1211ff0480cff4c7
+libclamunrar_0.99.orig.tar.xz
+3299e943affefb7a1aea0cada292f1c4ec039aed
+311248
diff -Nru libclamunrar-0.99/debian/patches/bb11600.patch libclamunrar-0.99/debian/patches/bb11600.patch
--- libclamunrar-0.99/debian/patches/bb11600.patch 1970-01-01 01:00:00.000000000 +0100
+++ libclamunrar-0.99/debian/patches/bb11600.patch 2016-12-16 21:38:26.000000000 +0100
@@ -0,0 +1,24 @@
+From 5a04072c135be7b49279792401f10d7b4f723ab5 Mon Sep 17 00:00:00 2001
+From: Steven Morgan <smorgan at sourcefire.com>
+Date: Tue, 12 Jul 2016 12:36:29 -0400
+Subject: bb11600 - fix out of bounds stack read.
+
+Patch-Name: bb11600.patch
+---
+ libclamunrar/unrar20.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libclamunrar/unrar20.c b/libclamunrar/unrar20.c
+index ecfe40cf32f3..d938c472e1d8 100644
+--- a/libclamunrar/unrar20.c
++++ b/libclamunrar/unrar20.c
+@@ -117,7 +117,8 @@ static int read_tables20(int fd, unpack_data_t *unpack_data)
+ n = (rar_getbits(unpack_data) >> 14) + 3;
+ rar_addbits(unpack_data, 2);
+ while ((n-- > 0) && (i < table_size)) {
+- table[i] = table[i-1];
++ if (i>0)
++ table[i] = table[i-1];
+ i++;
+ }
+ } else {
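Review bot: When `i` is 0, the new `if (i>0)` guard skips the copy but still advances `i`, so `table[0]` keeps whatever it held before and decoding carries on with a stream that asked to repeat a predecessor that does not exist. The same guard is added to `read_tables()` in unrar.c by bb11600_pt2.patch, so this applies there too. Treating the case as a malformed archive would be stricter, for example `if (i == 0) return FALSE;` ahead of the loop, or whatever failure value the function actually uses, since its return paths are outside the hunk. If the silent skip is kept, brace the body and add a comment such as `/* repeat-previous code with no previous entry: leave table[i] untouched */`.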
diff -Nru libclamunrar-0.99/debian/patches/bb11600_pt2.patch libclamunrar-0.99/debian/patches/bb11600_pt2.patch
--- libclamunrar-0.99/debian/patches/bb11600_pt2.patch 1970-01-01 01:00:00.000000000 +0100
+++ libclamunrar-0.99/debian/patches/bb11600_pt2.patch 2016-12-16 21:38:26.000000000 +0100
@@ -0,0 +1,24 @@
+From 6c667e29a8980bef06544bb2c931a18512aaf745 Mon Sep 17 00:00:00 2001
+From: Steven Morgan <smorgan at sourcefire.com>
+Date: Tue, 12 Jul 2016 14:31:38 -0400
+Subject: fix possible out of bounds stack read.
+
+Patch-Name: bb11600_pt2.patch
+---
+ libclamunrar/unrar.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libclamunrar/unrar.c b/libclamunrar/unrar.c
+index 456da4d6fef9..40a3d63cbd3e 100644
+--- a/libclamunrar/unrar.c
++++ b/libclamunrar/unrar.c
+@@ -469,7 +469,8 @@ static int read_tables(int fd, unpack_data_t *unpack_data)
+ rar_addbits(unpack_data, 7);
+ }
+ while (n-- > 0 && i < table_size) {
+- table[i] = table[i-1];
++ if (i>0)
++ table[i] = table[i-1];
+ i++;
+ }
+ } else {
diff -Nru libclamunrar-0.99/debian/patches/bb11601.patch libclamunrar-0.99/debian/patches/bb11601.patch
--- libclamunrar-0.99/debian/patches/bb11601.patch 1970-01-01 01:00:00.000000000 +0100
+++ libclamunrar-0.99/debian/patches/bb11601.patch 2016-12-16 21:38:26.000000000 +0100
@@ -0,0 +1,35 @@
+From df000ca42b250f861af33aaca16595e34975b715 Mon Sep 17 00:00:00 2001
+From: Steven Morgan <smorgan at sourcefire.com>
+Date: Wed, 13 Jul 2016 14:27:10 -0400
+Subject: bb11601 - check array boundaries in unrarvm rarvm_getbits().
+
+Patch-Name: bb11601.patch
+---
+ libclamunrar/unrarvm.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/libclamunrar/unrarvm.c b/libclamunrar/unrarvm.c
+index 29944cbea82a..1cf5bb629952 100644
+--- a/libclamunrar/unrarvm.c
++++ b/libclamunrar/unrarvm.c
+@@ -215,12 +215,15 @@ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
+ {
+ unsigned int bit_field;
+
+- bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
+- bit_field >>= (8-rarvm_input->in_bit);
++ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
++ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
++ bit_field >>= (8-rarvm_input->in_bit);
+
+- return (bit_field & 0xffff);
++ return (bit_field & 0xffff);
++ }
++ return 0;
+ }
+
+ unsigned int rarvm_read_data(rarvm_input_t *rarvm_input)
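Review bot: The check `rarvm_input->in_addr+2 < rarvm_input->buf_size` guards only the upper end of `in_buf`, and the declaration of `rarvm_input_t` is not visible in this hunk. If `in_addr` and `buf_size` are signed, a negative `in_addr` passes the comparison and the reads still index before the buffer. bb11601_pt2.patch splits the check into three comparisons with the same property. Consider rejecting a negative index as well, e.g. `if (rarvm_input->in_addr >= 0 && rarvm_input->in_addr < rarvm_input->buf_size) {`, or documenting at the struct that `in_addr` can never go negative.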
diff -Nru libclamunrar-0.99/debian/patches/bb11601_pt2.patch libclamunrar-0.99/debian/patches/bb11601_pt2.patch
--- libclamunrar-0.99/debian/patches/bb11601_pt2.patch 1970-01-01 01:00:00.000000000 +0100
+++ libclamunrar-0.99/debian/patches/bb11601_pt2.patch 2016-12-16 21:38:26.000000000 +0100
@@ -0,0 +1,43 @@
+From e677e64787390c59bdb925be08113ebf47aed869 Mon Sep 17 00:00:00 2001
+From: Steven Morgan <stevmorg at cisco.com>
+Date: Wed, 14 Dec 2016 13:29:00 -0500
+Subject: bb11601 - revise buffer limit check due.
+
+Patch-Name: bb11601_pt2.patch
+---
+ libclamunrar/unrarvm.c | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/libclamunrar/unrarvm.c b/libclamunrar/unrarvm.c
+index 1cf5bb629952..102fe2ebf044 100644
+--- a/libclamunrar/unrarvm.c
++++ b/libclamunrar/unrarvm.c
+@@ -213,17 +213,20 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits)
+
+ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
+ {
+- unsigned int bit_field;
++ unsigned int bit_field = 0;
+
+- if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
++ if (rarvm_input->in_addr < rarvm_input->buf_size) {
+ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
+- bit_field >>= (8-rarvm_input->in_bit);
+-
+- return (bit_field & 0xffff);
++ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) {
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
++ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
++ }
++ }
+ }
+- return 0;
++ bit_field >>= (8-rarvm_input->in_bit);
++
++ return (bit_field & 0xffff);
+ }
+
+ unsigned int rarvm_read_data(rarvm_input_t *rarvm_input)
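Review bot: `rarvm_getbits()` now zero-fills any of the three bytes at or past `buf_size`, and nothing in the hunk documents that contract, so a caller cannot tell truncated input from genuine zero bits. A comment above the function would make this explicit, e.g. `/* Returns the next 16 bits; bytes at or beyond buf_size read as 0, so truncated input yields zero bits rather than an error. */`. The final `bit_field >>= (8-rarvm_input->in_bit);` also depends on `in_bit` staying within 0..8. That is presumably maintained by `rarvm_addbits()`, whose body is outside this hunk, and is worth stating in the same comment.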
diff -Nru libclamunrar-0.99/debian/patches/series libclamunrar-0.99/debian/patches/series
--- libclamunrar-0.99/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libclamunrar-0.99/debian/patches/series 2016-12-16 21:38:26.000000000 +0100
@@ -0,0 +1,4 @@
+bb11600.patch
+bb11600_pt2.patch
+bb11601.patch
+bb11601_pt2.patch