guix/gnu/packages/patches/bsdiff-CVE-2014-9862.patch
Léo Le Bouter b66fc0a64b
gnu: bsdiff: Fix CVE-2014-9862.
* gnu/packages/patches/bsdiff-CVE-2014-9862.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/compression.scm (bsdiff): Apply it.
2021-03-10 09:54:27 +01:00


diff --git a/bspatch.c b/bspatch.c
index 8d95633..ab77722 100644
--- a/bspatch.c
+++ b/bspatch.c
@@ -187,6 +187,10 @@
};
/* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
+ /* Sanity-check */
if(newpos+ctrl[0]>newsize)
errx(1,"Corrupt patch\n");
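Review bot: The retained test `if(newpos+ctrl[0]>newsize)` right after the new check still adds before it compares, so with negatives now rejected a very large positive ctrl[0] could still wrap the signed sum and slip past; writing it as `ctrl[0] > newsize - newpos` avoids the addition. The two consecutive `/* Sanity-check */` comments are identical, so the new one could say what it guards, for example that ctrl[0] and ctrl[1] must be non-negative.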