[OpenWrt-Devel] [PATCH 1/2] bzip2: Fix CVE-2016-3189

Rosen Penev rosenp at gmail.com
Wed Aug 22 22:07:56 EDT 2018


Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
Please backport to 18.06 and/or 17.05
 package/utils/bzip2/Makefile                        |  2 +-
 package/utils/bzip2/patches/010-CVE-2016-3189.patch | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 package/utils/bzip2/patches/010-CVE-2016-3189.patch

diff --git a/package/utils/bzip2/Makefile b/package/utils/bzip2/Makefile
index 4c8b360..ea2fc76 100644
--- a/package/utils/bzip2/Makefile
+++ b/package/utils/bzip2/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bzip2
 PKG_VERSION:=1.0.6
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.bzip.org/$(PKG_VERSION)
diff --git a/package/utils/bzip2/patches/010-CVE-2016-3189.patch b/package/utils/bzip2/patches/010-CVE-2016-3189.patch
new file mode 100644
index 0000000..064f982
--- /dev/null
+++ b/package/utils/bzip2/patches/010-CVE-2016-3189.patch
@@ -0,0 +1,11 @@
+diff -up ./bzip2recover.c.old ./bzip2recover.c
+--- ./bzip2recover.c.old	2016-03-22 08:49:38.855620000 +0100
++++ ./bzip2recover.c	2016-03-30 10:22:27.341430099 +0200
+@@ -457,6 +457,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;
-- 
2.7.4


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list