dev-util/bsdiff: Fix CVE-2014-9862

Includes a patch from ChromiumOS. Bug: https://bugs.gentoo.org/701848 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/14970 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
author: Sam James (sam_c) <sam@cmpct.info> 2020-03-15 18:21:54 +0000
committer: Thomas Deutschmann <whissi@gentoo.org> 2020-03-15 22:06:07 +0100
commit: f4d7646f1d69122a3f49925119a92834c20a1aee (patch)
tree: b62a2d7ed88d69d711e466b0be74e4a7c29c05b9 /dev-util/bsdiff/files
parent: aad7f73916c6a74d891b5b949138beed3accd9b8 (diff)
download: gentoo-f4d7646f1d69122a3f49925119a92834c20a1aee.tar.gz
gentoo-f4d7646f1d69122a3f49925119a92834c20a1aee.tar.bz2
gentoo-f4d7646f1d69122a3f49925119a92834c20a1aee.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch b/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch
new file mode 100644
index 000000000000..7aab818090d8
--- /dev/null
+++ b/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch
@@ -0,0 +1,15 @@
+diff --git a/bspatch.c b/bspatch.c
+index 8d95633..ab77722 100644
+--- a/bspatch.c
++++ b/bspatch.c
+
+@@ -187,6 +187,10 @@
+ 		};
+ 
+ 		/* Sanity-check */
++		if ((ctrl[0] < 0) || (ctrl[1] < 0))
++			errx(1,"Corrupt patch\n");
++
++		/* Sanity-check */
+ 		if(newpos+ctrl[0]>newsize)
+ 			errx(1,"Corrupt patch\n");
author	Sam James (sam_c) <sam@cmpct.info>	2020-03-15 18:21:54 +0000
committer	Thomas Deutschmann <whissi@gentoo.org>	2020-03-15 22:06:07 +0100
commit	f4d7646f1d69122a3f49925119a92834c20a1aee (patch)
tree	b62a2d7ed88d69d711e466b0be74e4a7c29c05b9 /dev-util/bsdiff/files
parent	aad7f73916c6a74d891b5b949138beed3accd9b8 (diff)
download	gentoo-f4d7646f1d69122a3f49925119a92834c20a1aee.tar.gz gentoo-f4d7646f1d69122a3f49925119a92834c20a1aee.tar.bz2 gentoo-f4d7646f1d69122a3f49925119a92834c20a1aee.zip