mirror of
https://github.com/gryf/gryf-overlay.git
synced 2025-12-28 17:32:32 +01:00
gryf
0065d17480
Till the oddness with zip archives and -z switch will be resolved, I'd like to have working version of file, to be able to access zip files from the midnight commander.
37 lines
1.0 KiB
Diff
37 lines
1.0 KiB
Diff
CVE-2019-18218
|
|
https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
|
|
|
|
--- a/src/cdf.c
|
|
+++ b/src/cdf.c
|
|
@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
|
|
goto out;
|
|
}
|
|
nelements = CDF_GETUINT32(q, 1);
|
|
- if (nelements == 0) {
|
|
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
|
|
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
|
|
+ DPRINTF(("CDF_VECTOR with nelements == %"
|
|
+ SIZE_T_FORMAT "u\n", nelements));
|
|
goto out;
|
|
}
|
|
slen = 2;
|
|
@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
|
|
goto out;
|
|
inp += nelem;
|
|
}
|
|
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
|
|
- nelements));
|
|
for (j = 0; j < nelements && i < sh.sh_properties;
|
|
j++, i++)
|
|
{
|
|
--- a/src/cdf.h
|
|
+++ b/src/cdf.h
|
|
@@ -48,6 +48,7 @@
|
|
typedef int32_t cdf_secid_t;
|
|
|
|
#define CDF_LOOP_LIMIT 10000
|
|
+#define CDF_ELEMENT_LIMIT 100000
|
|
|
|
#define CDF_SECID_NULL 0
|
|
#define CDF_SECID_FREE -1
|