--- /dev/null
+From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 30 Jun 2014 10:14:34 +0200
+Subject: [PATCH] lzop: add overflow check
+
+See CVE-2014-4607
+http://www.openwall.com/lists/oss-security/2014/06/26/20
+
+function old new delta
+lzo1x_decompress_safe 1010 1031 +21
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/liblzo.h | 2 ++
+ archival/libarchive/lzo1x_d.c | 3 +++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
+index 843997c..4596620 100644
+--- a/archival/libarchive/liblzo.h
++++ b/archival/libarchive/liblzo.h
+@@ -76,11 +76,13 @@
+ # define TEST_IP (ip < ip_end)
+ # define NEED_IP(x) \
+ if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun
++# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun
+
+ # undef TEST_OP /* don't need both of the tests here */
+ # define TEST_OP 1
+ # define NEED_OP(x) \
+ if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun
++# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun
+
+ #define HAVE_ANY_OP 1
+
+diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
+index 9bc1270..40b167e 100644
+--- a/archival/libarchive/lzo1x_d.c
++++ b/archival/libarchive/lzo1x_d.c
+@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+ ip++;
+ NEED_IP(1);
+ }
++ TEST_IV(t);
+ t += 15 + *ip++;
+ }
+ /* copy literals */
+@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+ ip++;
+ NEED_IP(1);
+ }
++ TEST_IV(t);
+ t += 31 + *ip++;
+ }
+ #if defined(COPY_DICT)
+@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
+ ip++;
+ NEED_IP(1);
+ }
++ TEST_IV(t);
+ t += 7 + *ip++;
+ }
+ #if defined(COPY_DICT)
+--
+1.8.5.5
+
+++ /dev/null
-From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Mon, 30 Jun 2014 10:14:34 +0200
-Subject: [PATCH] lzop: add overflow check
-
-See CVE-2014-4607
-http://www.openwall.com/lists/oss-security/2014/06/26/20
-
-function old new delta
-lzo1x_decompress_safe 1010 1031 +21
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- archival/libarchive/liblzo.h | 2 ++
- archival/libarchive/lzo1x_d.c | 3 +++
- 2 files changed, 5 insertions(+)
-
-diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
-index 843997c..4596620 100644
---- a/archival/libarchive/liblzo.h
-+++ b/archival/libarchive/liblzo.h
-@@ -76,11 +76,13 @@
- # define TEST_IP (ip < ip_end)
- # define NEED_IP(x) \
- if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun
-+# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun
-
- # undef TEST_OP /* don't need both of the tests here */
- # define TEST_OP 1
- # define NEED_OP(x) \
- if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun
-+# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun
-
- #define HAVE_ANY_OP 1
-
-diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
-index 9bc1270..40b167e 100644
---- a/archival/libarchive/lzo1x_d.c
-+++ b/archival/libarchive/lzo1x_d.c
-@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 15 + *ip++;
- }
- /* copy literals */
-@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 31 + *ip++;
- }
- #if defined(COPY_DICT)
-@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 7 + *ip++;
- }
- #if defined(COPY_DICT)
---
-1.8.5.5
-
+++ /dev/null
-From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Mon, 30 Jun 2014 10:14:34 +0200
-Subject: [PATCH] lzop: add overflow check
-
-See CVE-2014-4607
-http://www.openwall.com/lists/oss-security/2014/06/26/20
-
-function old new delta
-lzo1x_decompress_safe 1010 1031 +21
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- archival/libarchive/liblzo.h | 2 ++
- archival/libarchive/lzo1x_d.c | 3 +++
- 2 files changed, 5 insertions(+)
-
-diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
-index 843997c..4596620 100644
---- a/archival/libarchive/liblzo.h
-+++ b/archival/libarchive/liblzo.h
-@@ -76,11 +76,13 @@
- # define TEST_IP (ip < ip_end)
- # define NEED_IP(x) \
- if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun
-+# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun
-
- # undef TEST_OP /* don't need both of the tests here */
- # define TEST_OP 1
- # define NEED_OP(x) \
- if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun
-+# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun
-
- #define HAVE_ANY_OP 1
-
-diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
-index 9bc1270..40b167e 100644
---- a/archival/libarchive/lzo1x_d.c
-+++ b/archival/libarchive/lzo1x_d.c
-@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 15 + *ip++;
- }
- /* copy literals */
-@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 31 + *ip++;
- }
- #if defined(COPY_DICT)
-@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 7 + *ip++;
- }
- #if defined(COPY_DICT)
---
-1.8.5.5
-
+++ /dev/null
-From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Mon, 30 Jun 2014 10:14:34 +0200
-Subject: [PATCH] lzop: add overflow check
-
-See CVE-2014-4607
-http://www.openwall.com/lists/oss-security/2014/06/26/20
-
-function old new delta
-lzo1x_decompress_safe 1010 1031 +21
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- archival/libarchive/liblzo.h | 2 ++
- archival/libarchive/lzo1x_d.c | 3 +++
- 2 files changed, 5 insertions(+)
-
-diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
-index 843997c..4596620 100644
---- a/archival/libarchive/liblzo.h
-+++ b/archival/libarchive/liblzo.h
-@@ -76,11 +76,13 @@
- # define TEST_IP (ip < ip_end)
- # define NEED_IP(x) \
- if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun
-+# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun
-
- # undef TEST_OP /* don't need both of the tests here */
- # define TEST_OP 1
- # define NEED_OP(x) \
- if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun
-+# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun
-
- #define HAVE_ANY_OP 1
-
-diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
-index 9bc1270..40b167e 100644
---- a/archival/libarchive/lzo1x_d.c
-+++ b/archival/libarchive/lzo1x_d.c
-@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 15 + *ip++;
- }
- /* copy literals */
-@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 31 + *ip++;
- }
- #if defined(COPY_DICT)
-@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 7 + *ip++;
- }
- #if defined(COPY_DICT)
---
-1.8.5.5
-
+++ /dev/null
-From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Mon, 30 Jun 2014 10:14:34 +0200
-Subject: [PATCH] lzop: add overflow check
-
-See CVE-2014-4607
-http://www.openwall.com/lists/oss-security/2014/06/26/20
-
-function old new delta
-lzo1x_decompress_safe 1010 1031 +21
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- archival/libarchive/liblzo.h | 2 ++
- archival/libarchive/lzo1x_d.c | 3 +++
- 2 files changed, 5 insertions(+)
-
-diff --git a/archival/libarchive/liblzo.h b/archival/libarchive/liblzo.h
-index 843997c..4596620 100644
---- a/archival/libarchive/liblzo.h
-+++ b/archival/libarchive/liblzo.h
-@@ -76,11 +76,13 @@
- # define TEST_IP (ip < ip_end)
- # define NEED_IP(x) \
- if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun
-+# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun
-
- # undef TEST_OP /* don't need both of the tests here */
- # define TEST_OP 1
- # define NEED_OP(x) \
- if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun
-+# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun
-
- #define HAVE_ANY_OP 1
-
-diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
-index 9bc1270..40b167e 100644
---- a/archival/libarchive/lzo1x_d.c
-+++ b/archival/libarchive/lzo1x_d.c
-@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 15 + *ip++;
- }
- /* copy literals */
-@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 31 + *ip++;
- }
- #if defined(COPY_DICT)
-@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
- ip++;
- NEED_IP(1);
- }
-+ TEST_IV(t);
- t += 7 + *ip++;
- }
- #if defined(COPY_DICT)
---
-1.8.5.5
-
projects / buildroot.git / commitdiff