From f4d7646f1d69122a3f49925119a92834c20a1aee Mon Sep 17 00:00:00 2001
From: "Sam James (sam_c)" <sam@cmpct.info>
Date: Sun, 15 Mar 2020 18:21:54 +0000
Subject: dev-util/bsdiff: Fix CVE-2014-9862

Includes a patch from ChromiumOS.

Bug: https://bugs.gentoo.org/701848
Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
Closes: https://github.com/gentoo/gentoo/pull/14970
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
---
 dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch

(limited to 'dev-util/bsdiff/files')

diff --git a/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch b/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch
new file mode 100644
index 000000000000..7aab818090d8
--- /dev/null
+++ b/dev-util/bsdiff/files/bsdiff-4.3-CVE-2014-9862.patch
@@ -0,0 +1,15 @@
+diff --git a/bspatch.c b/bspatch.c
+index 8d95633..ab77722 100644
+--- a/bspatch.c
++++ b/bspatch.c
+
+@@ -187,6 +187,10 @@
+ 		};
+ 
+ 		/* Sanity-check */
++		if ((ctrl[0] < 0) || (ctrl[1] < 0))
++			errx(1,"Corrupt patch\n");
++
++		/* Sanity-check */
+ 		if(newpos+ctrl[0]>newsize)
+ 			errx(1,"Corrupt patch\n");
-- 
cgit v1.2.3