SHA256
1
0
forked from pool/bzip2
bzip2/bzip2-1.0.6-CVE-2016-3189.patch
Kristyna Streitova 3713b730d5 Accepting request 695733 from home:kstreitova:branches:Archiving
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
  free vulnerability that was reported in bzip2recover [bsc#985657]
  [CVE-2016-3189]

OBS-URL: https://build.opensuse.org/request/show/695733
OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=74
2019-04-23 08:22:37 +00:00

16 lines
559 B
Diff

Author: Jakub Martisko <jamartis@redhat.com>
Date: Wed, 30 Mar 2016 10:22:27 +0200
Description: bzip2recover: Fix potential use-after-free
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
bsPutUInt32 ( bsWr, blockCRC );
bsClose ( bsWr );
+ outFile = NULL;
}
if (wrBlock >= rbCtr) break;
wrBlock++;