sergiotarxz
/
termux-packages
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
termux-packages/packages/p7zip/4-CVE-2018-10115.patch

285 lines
7.6 KiB
Diff
Raw Blame History

diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.cpp
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
@@ -29,7 +29,7 @@
};
*/
-CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
+CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { }
void CDecoder::InitStructures()
{
@@ -345,7 +345,7 @@
void CDecoder::InitData()
{
- if (!m_IsSolid)
+ if (!_isSolid)
{
AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0;
AvrPlc = 0x3500;
@@ -391,6 +391,11 @@
if (inSize == NULL || outSize == NULL)
return E_INVALIDARG;
+ if (_isSolid && !_solidAllowed)
+ return S_FALSE;
+
+ _solidAllowed = false;
+
if (!m_OutWindowStream.Create(kHistorySize))
return E_OUTOFMEMORY;
if (!m_InBitStream.Create(1 << 20))
@@ -398,13 +403,13 @@
m_UnpackSize = (Int64)*outSize;
m_OutWindowStream.SetStream(outStream);
- m_OutWindowStream.Init(m_IsSolid);
+ m_OutWindowStream.Init(_isSolid);
m_InBitStream.SetStream(inStream);
m_InBitStream.Init();
// CCoderReleaser coderReleaser(this);
InitData();
- if (!m_IsSolid)
+ if (!_isSolid)
{
_errorMode = false;
InitStructures();
@@ -475,6 +480,7 @@
}
if (m_UnpackSize < 0)
return S_FALSE;
+ _solidAllowed = true;
return m_OutWindowStream.Flush();
}
@@ -491,7 +497,7 @@
{
if (size < 1)
return E_INVALIDARG;
- m_IsSolid = ((data[0] & 1) != 0);
+ _isSolid = ((data[0] & 1) != 0);
return S_OK;
}
diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.h
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h 2019-03-06 22:04:37.659374132 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.h 2019-03-06 22:10:18.882278471 +0800
@@ -38,7 +38,8 @@
UInt32 LastLength;
Int64 m_UnpackSize;
- bool m_IsSolid;
+ bool _isSolid;
+ bool _solidAllowed;
bool _errorMode;
UInt32 ReadBits(int numBits);
diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.cpp
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
@@ -80,7 +80,8 @@
static const UInt32 kWindowReservSize = (1 << 22) + 256;
CDecoder::CDecoder():
- m_IsSolid(false),
+ _isSolid(false),
+ _solidAllowed(false),
m_TablesOK(false)
{
}
@@ -320,6 +321,10 @@
if (inSize == NULL || outSize == NULL)
return E_INVALIDARG;
+ if (_isSolid && !_solidAllowed)
+ return S_FALSE;
+ _solidAllowed = false;
+
if (!m_OutWindowStream.Create(kHistorySize))
return E_OUTOFMEMORY;
if (!m_InBitStream.Create(1 << 20))
@@ -330,12 +335,12 @@
UInt64 pos = 0, unPackSize = *outSize;
m_OutWindowStream.SetStream(outStream);
- m_OutWindowStream.Init(m_IsSolid);
+ m_OutWindowStream.Init(_isSolid);
m_InBitStream.SetStream(inStream);
m_InBitStream.Init();
// CCoderReleaser coderReleaser(this);
- if (!m_IsSolid)
+ if (!_isSolid)
{
InitStructures();
if (unPackSize == 0)
@@ -343,6 +348,7 @@
if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect;
if (!ReadTables())
return S_FALSE;
+ _solidAllowed = true;
return S_OK;
}
if (!ReadTables())
@@ -386,6 +392,9 @@
if (!ReadLastTables())
return S_FALSE;
+
+ _solidAllowed = true;
+
return m_OutWindowStream.Flush();
}
@@ -402,7 +411,7 @@
{
if (size < 1)
return E_INVALIDARG;
- m_IsSolid = ((data[0] & 1) != 0);
+ _isSolid = ((data[0] & 1) != 0);
return S_OK;
}
diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.h
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h 2019-03-06 22:04:37.659374132 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.h 2019-03-06 22:10:18.882278471 +0800
@@ -138,7 +138,8 @@
Byte m_LastLevels[kMaxTableSize];
UInt64 m_PackSize;
- bool m_IsSolid;
+ bool _isSolid;
+ bool _solidAllowed;
bool m_TablesOK;
void InitStructures();
diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.cpp
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp 2019-03-06 22:04:37.659374132 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
@@ -92,7 +92,8 @@
_writtenFileSize(0),
_vmData(0),
_vmCode(0),
- m_IsSolid(false),
+ _isSolid(false),
+ _solidAllowed(false),
_errorMode(false)
{
Ppmd7_Construct(&_ppmd);
@@ -821,7 +822,7 @@
{
_writtenFileSize = 0;
_unsupportedFilter = false;
- if (!m_IsSolid)
+ if (!_isSolid)
{
_lzSize = 0;
_winPos = 0;
@@ -840,12 +841,15 @@
if (_errorMode)
return S_FALSE;
- if (!m_IsSolid || !TablesRead)
+ if (!_isSolid || !TablesRead)
{
bool keepDecompressing;
RINOK(ReadTables(keepDecompressing));
if (!keepDecompressing)
+ {
+ _solidAllowed = true;
return S_OK;
+ }
}
for (;;)
@@ -870,6 +874,9 @@
if (!keepDecompressing)
break;
}
+
+ _solidAllowed = true;
+
RINOK(WriteBuf());
UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize();
RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize));
@@ -890,6 +897,10 @@
if (!inSize)
return E_INVALIDARG;
+ if (_isSolid && !_solidAllowed)
+ return S_FALSE;
+ _solidAllowed = false;
+
if (!_vmData)
{
_vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax);
@@ -928,7 +939,7 @@
{
if (size < 1)
return E_INVALIDARG;
- m_IsSolid = ((data[0] & 1) != 0);
+ _isSolid = ((data[0] & 1) != 0);
return S_OK;
}
diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.h
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h 2019-03-06 22:04:37.659374132 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.h 2019-03-06 22:10:18.882278471 +0800
@@ -191,7 +191,8 @@
CRecordVector<CTempFilter *> _tempFilters;
UInt32 _lastFilter;
- bool m_IsSolid;
+ bool _isSolid;
+ bool _solidAllowed;
bool _errorMode;
bool _lzMode;
diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.cpp
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.cpp 2019-03-06 22:03:12.632738487 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.cpp 2019-03-06 22:10:18.882278471 +0800
@@ -72,6 +72,7 @@
_writtenFileSize(0),
_dictSizeLog(0),
_isSolid(false),
+ _solidAllowed(false),
_wasInit(false),
_inputBuf(NULL)
{
@@ -801,7 +802,10 @@
*/
if (res == S_OK)
+ {
+ _solidAllowed = true;
res = res2;
+ }
if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize)
return S_FALSE;
@@ -821,6 +825,10 @@
{
try
{
+ if (_isSolid && !_solidAllowed)
+ return S_FALSE;
+ _solidAllowed = false;
+
if (_dictSizeLog >= sizeof(size_t) * 8)
return E_NOTIMPL;
diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.h
--- CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.h 2019-03-06 22:03:12.632738487 +0800
+++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.h 2019-03-06 22:10:18.882278471 +0800
@@ -271,6 +271,7 @@
Byte _dictSizeLog;
bool _tableWasFilled;
bool _isSolid;
+ bool _solidAllowed;
bool _wasInit;
UInt32 _reps[kNumReps];
Reference in New Issue View Git Blame Copy Permalink