pool/clamav
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 578702 from security

Browse Source 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/578702
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clamav?expand=0&rev=92
This commit is contained in:
Dominique Leuenberger 2018-02-22 14:01:15 +00:00 committed by Git OBS Bridge
commit 777f113664
3 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
clamav-CVE-2012-6706.patch Normal file
View File

@ -0,0 +1,36 @@
--- libclamunrar/unrarvm.c.orig
+++ libclamunrar/unrarvm.c
@@ -26,6 +26,13 @@
#include "libclamunrar/unrarvm.h"
#include "libclamunrar/unrarcmd.h"
+/*
+ * Limit maximum number of channels in RAR3 delta filter to some
+ * reasonable value to prevent too slow processing of corrupt archives
+ * with invalid channels number.
+ */
+#define MAX3_UNPACK_CHANNELS 1024
+
#ifdef RAR_HIGH_DEBUG
#define rar_dbgmsg printf
#else
@@ -340,8 +347,8 @@ static void filter_itanium_setbits(unsig
static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
{
unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
+ int i, j, op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
+ unsigned int data_size, channels, src_pos, dest_pos, border, width, PosR;
unsigned int file_offset, cur_pos, predicted;
int32_t offset, addr;
const int file_size=0x1000000;
@@ -426,7 +433,7 @@ static void execute_standard_filter(rarv
border = data_size*2;
SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
+ if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2 || channels > MAX3_UNPACK_CHANNELS) {
break;
}
for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {

7
clamav.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Feb 14 12:21:39 UTC 2018 - max@suse.com
- bsc#1045490, CVE-2012-6706: VMSF_DELTA filter in libclamunrar
allows arbitrary memory write (clamav-CVE-2012-6706.patch).
- Buildrequire curl-devel to enable clamsubmit.
-------------------------------------------------------------------
Tue Feb 13 08:50:55 UTC 2018 - varkoly@suse.com

3
clamav.spec
View File

@ -33,6 +33,7 @@ BuildRequires: autoconf
BuildRequires: automake
BuildRequires: check-devel
BuildRequires: libbz2-devel
BuildRequires: libcurl-devel
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
@ -62,6 +63,7 @@ Patch1: clamav-conf.patch
Patch3: clamav-gcc47.patch
Patch4: clamav-disable-timestamps.patch
Patch5: clamav-fix_newer_zlib.patch
Patch6: clamav-CVE-2012-6706.patch
BuildRequires: systemd
BuildRequires: systemd-rpm-macros
%systemd_requires
@ -102,6 +104,7 @@ that want to make use of libclamav.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6
%build
CFLAGS="-fstack-protector"