Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | 1 | Upstream-Status: Backport |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | 2 | CVE: CVE-2015-7697 |
Patrick Williams | f1e5d69 | 2016-03-30 15:21:19 -0500 | 3 | Signed-off-by: Tudor Florea <tudor.flore@enea.com> |
| 4 | |
| 5 | From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001 |
| 6 | From: Kamil Dudka <kdudka@redhat.com> |
| 7 | Date: Mon, 14 Sep 2015 18:24:56 +0200 |
| 8 | Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data |
| 9 | |
| 10 | --- |
| 11 | extract.c | 6 ++++++ |
| 12 | 1 file changed, 6 insertions(+) |
| 13 | |
| 14 | diff --git a/extract.c b/extract.c |
| 15 | index 7134bfe..29db027 100644 |
| 16 | --- a/extract.c |
| 17 | +++ b/extract.c |
| 18 | @@ -2733,6 +2733,12 @@ __GDEF |
| 19 | int repeated_buf_err; |
| 20 | bz_stream bstrm; |
| 21 | |
| 22 | + if (G.incnt <= 0 && G.csize <= 0L) { |
| 23 | + /* avoid an infinite loop */ |
| 24 | + Trace((stderr, "UZbunzip2() got empty input\n")); |
| 25 | + return 2; |
| 26 | + } |
| 27 | + |
| 28 | #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) |
| 29 | if (G.redirect_slide) |
| 30 | wsize = G.redirect_size, redirSlide = G.redirect_buffer; |
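Review bot: The new guard placed right after the `bz_stream bstrm;` declaration returns a bare `2`, and its comment says only "avoid an infinite loop", so a reader cannot tell which loop is meant or how the caller treats that value. Suggest expanding the comment to state that with no buffered bytes (`G.incnt <= 0`) and no compressed bytes remaining (`G.csize <= 0L`) the decompression loop further down presumably never receives input, and documenting what return value 2 signals to the caller (or using the project's named error constant if it has one). The check covers only input that is already empty on entry, so it is worth confirming in the rest of the function, which this hunk does not show, that a stream running out of data partway through also terminates. The only diagnostic on this path is a `Trace` call; consider whether the user should also get a visible error message when extraction is abandoned here.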
| 31 | -- |
| 32 | 2.4.6 |