From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- .../files/crypto++-5.6.5-CVE-2017-9434.patch | 45 ++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch (limited to 'dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch') diff --git a/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch new file mode 100644 index 000000000000..428f48901a31 --- /dev/null +++ b/dev-libs/crypto++/files/crypto++-5.6.5-CVE-2017-9434.patch @@ -0,0 +1,45 @@ +From 07dbcc3d9644b18e05c1776db2a57fe04d780965 Mon Sep 17 00:00:00 2001 +From: Jeffrey Walton +Date: Wed, 10 May 2017 18:17:12 -0400 +Subject: [PATCH] Add Inflator::BadDistanceErr exception (Issue 414) The + improved validation and excpetion clears the Address Sanitizer and Undefined + Behavior Sanitizer findings + +--- + zinflate.cpp | 8 +++++++- + zinflate.h | 4 ++++ + 3 files changed, 14 insertions(+), 4 deletions(-) + +diff --git a/zinflate.cpp b/zinflate.cpp +index 664efe6..fbd7505 100644 +--- a/zinflate.cpp ++++ b/zinflate.cpp +@@ -550,12 +550,16 @@ bool Inflator::DecodeBody() + break; + } + case DISTANCE_BITS: ++ if (m_distance >= COUNTOF(distanceExtraBits)) ++ throw BadDistanceErr(); + bits = distanceExtraBits[m_distance]; + if (!m_reader.FillBuffer(bits)) + { + m_nextDecode = DISTANCE_BITS; + break; + } ++ if (m_distance >= COUNTOF(distanceStarts)) ++ throw BadDistanceErr(); + m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance]; + OutputPast(m_literal, m_distance); + } +diff --git a/zinflate.h b/zinflate.h +index e2fd237..c47d2f6 100644 +--- a/zinflate.h ++++ b/zinflate.h +@@ -96,6 +96,7 @@ public: + }; + class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}}; + class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}}; ++ class BadDistanceErr : public Err {public: BadDistanceErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in bit distance") {}}; + + //! \brief RFC 1951 Decompressor + //! \param attachment the filter's attached transformation -- cgit v1.2.3