author | obache <obache@pkgsrc.org> | 2006-12-03 03:09:46 +0000 |
---|---|---|
committer | obache <obache@pkgsrc.org> | 2006-12-03 03:09:46 +0000 |
commit | 20a6390a3378988a0b14ed11965f783289eae14b (patch) | |
tree | 41a26caa0b14f27cbc30ab64537d1a7c5bfd5528 /archivers | |
parent | 65e080bfe84499715c51a6bab2caecc0f81934b5 (diff) | |
download | pkgsrc-20a6390a3378988a0b14ed11965f783289eae14b.tar.gz |
Applied the security patches for CVE-2006-4335, CVE-2006-4337 and
CVE-2006-4338, taken from the autoconfiscated version of LHa for UNIX.
Bump PKGREVISION.
Diffstat (limited to 'archivers')
-rw-r--r-- | archivers/lha/Makefile | 4 | ||||
-rw-r--r-- | archivers/lha/distinfo | 6 | ||||
-rw-r--r-- | archivers/lha/patches/patch-aa | 58 | ||||
-rw-r--r-- | archivers/lha/patches/patch-ab | 64 | ||||
-rw-r--r-- | archivers/lha/patches/patch-al | 13 |
5 files changed, 139 insertions, 6 deletions
diff --git a/archivers/lha/Makefile b/archivers/lha/Makefile index cc0e3ab1b9f..b77b242ddc1 100644 --- a/archivers/lha/Makefile +++ b/archivers/lha/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.29 2006/07/23 14:25:46 rillig Exp $ +# $NetBSD: Makefile,v 1.30 2006/12/03 03:09:46 obache Exp $ DISTNAME= lha-114i PKGNAME= lha-114.9 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= archivers MASTER_SITES= http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ \ ftp://ftp.win.ne.jp/pub/misc/ diff --git a/archivers/lha/distinfo b/archivers/lha/distinfo index a188519a25b..51bf19f5c39 100644 --- a/archivers/lha/distinfo +++ b/archivers/lha/distinfo @@ -1,8 +1,10 @@ -$NetBSD: distinfo,v 1.8 2005/10/03 11:20:55 joerg Exp $ +$NetBSD: distinfo,v 1.9 2006/12/03 03:09:46 obache Exp $ SHA1 (lha-114i.tar.gz) = 79e35271f2cf783f946db3f22e304fef72dbac99 RMD160 (lha-114i.tar.gz) = c561e0758b467a61f45d287582effc53df29f01d Size (lha-114i.tar.gz) = 64608 bytes +SHA1 (patch-aa) = 945856fde42c3e98bb2b00f8633babc2daf0437c +SHA1 (patch-ab) = 4b5cce4fd83a5a65cb152183d23f430da1e5aa21 SHA1 (patch-ad) = a3169c55c462d4eb54e52709744ef7084a94bcb4 SHA1 (patch-ae) = a53647ccf72511ecd2b5306e23da1219fa5e7264 SHA1 (patch-af) = 0c2f6d5bf23c3c98b102487abe3dd1190470f50c @@ -11,4 +13,4 @@ SHA1 (patch-ah) = cd44b40fa7e25a9996b2441d1b78a1a6570977b2 SHA1 (patch-ai) = d988b7d048656080d14bfad1da89c9888c9ddf90 SHA1 (patch-aj) = 6331fce7f55eef1c2003e693f165dd0565e7172e SHA1 (patch-ak) = fa6de630a7414b73dec8b75be0bfbb3493c4192f -SHA1 (patch-al) = c6e5a9f4101d9e15dcb033b6c64ecc9903342df3 +SHA1 (patch-al) = 836de0f424efbc8b803d7c542ec0e3103381d5c4 diff --git a/archivers/lha/patches/patch-aa b/archivers/lha/patches/patch-aa new file mode 100644 index 00000000000..15820c69b1e --- /dev/null +++ b/archivers/lha/patches/patch-aa 
@@ -0,0 +1,58 @@
+$NetBSD: patch-aa,v 1.4 2006/12/03 03:09:46 obache Exp $
+
+--- src/huf.c.orig 2000-10-06 02:35:49.000000000 +0900
++++ src/huf.c
+@@ -332,7 +332,7 @@ read_pt_len(nn, nbit, i_special)
+ }
+ else {
+ i = 0;
+- while (i < n) {
++ while (i < MIN(n, NPT)) {
+ c = bitbuf >> (16 - 3);
+ if (c == 7) {
+ unsigned short mask = 1 << (16 - 4);
+@@ -345,7 +345,7 @@ read_pt_len(nn, nbit, i_special)
+ pt_len[i++] = c;
+ if (i == i_special) {
+ c = getbits(2);
+- while (--c >= 0)
++ while (--c >= 0 && i < NPT)
+ pt_len[i++] = 0;
+ }
+ }
+@@ -370,7 +370,7 @@ read_c_len( /* void */ )
+ c_table[i] = c;
+ } else {
+ i = 0;
+- while (i < n) {
++ while (i < MIN(n,NC)) {
+ c = pt_table[bitbuf >> (16 - 8)];
+ if (c >= NT) {
+ unsigned short mask = 1 << (16 - 9);
+@@ -380,7 +380,7 @@ read_c_len( /* void */ )
+ else
+ c = left[c];
+ mask >>= 1;
+- } while (c >= NT);
++ } while (c >= NT && (mask || c!= left[c])); /* CVE-2006-4338 */
+ }
+ fillbuf(pt_len[c]);
+ if (c <= 2) {
+@@ -427,7 +427,7 @@ decode_c_st1( /*void*/ )
+ else
+ j = left[j];
+ mask >>= 1;
+- } while (j >= NC);
++ } while (j >= NC && (mask || j != left[j])); /* CVE-2006-4338 */
+ fillbuf(c_len[j] - 12);
+ }
+ return j;
+@@ -451,7 +451,7 @@ decode_p_st1( /* void */ )
+ else
+ j = left[j];
+ mask >>= 1;
+- } while (j >= np);
++ } while (j >= np && (mask || j != left[j])); /* CVE-2006-4338 */
+ fillbuf(pt_len[j] - 8);
+ }
+ if (j != 0)
diff --git a/archivers/lha/patches/patch-ab b/archivers/lha/patches/patch-ab
new file mode 100644
index 00000000000..e7918f56047
--- /dev/null
+++ b/archivers/lha/patches/patch-ab
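Review bot: The three loops patched for CVE-2006-4338 (in read_c_len, decode_c_st1 and decode_p_st1) can now stop while the symbol is still out of range, and the next context lines use it as an index: `fillbuf(pt_len[c])`, `fillbuf(c_len[j] - 12)` and `fillbuf(pt_len[j] - 8)`, with decode_c_st1 also going on to `return j`. The added clause `(mask || c != left[c])` can only end the loop when `c >= NT` (or `j >= NC`, `j >= np`) still holds, so that exit is exactly the corrupt-table case. I would reject it explicitly after each loop, for example `if (c >= NT) { error("read_c_len()", "Bad table\n"); exit(1); }`, in line with the error/exit handling the maketbl.c patch in this commit adds. The declarations of pt_len and c_len are not visible here, so whether the read actually leaves the array should be checked against them; all three function bodies continue outside these hunks.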
@@ -0,0 +1,64 @@
+$NetBSD: patch-ab,v 1.6 2006/12/03 03:09:46 obache Exp $
+
+--- src/maketbl.c.orig 2000-10-04 23:57:38.000000000 +0900
++++ src/maketbl.c
+@@ -32,8 +32,15 @@ make_table(nchar, bitlen, tablebits, tab
+ }
+
+ /* count */
+- for (i = 0; i < nchar; i++)
+- count[bitlen[i]]++;
++ for (i = 0; i < nchar; i++) {
++ if (bitlen[i] > 16) {
++ /* CVE-2006-4335 */
++ error("Bad table (case a)");
++ exit(1);
++ }
++ else
++ count[bitlen[i]]++;
++ }
+
+ /* calculate first code */
+ total = 0;
+@@ -41,8 +48,10 @@ make_table(nchar, bitlen, tablebits, tab
+ start[i] = total;
+ total += weight[i] * count[i];
+ }
+- if ((total & 0xffff) != 0)
++ if ((total & 0xffff) != 0 || tablebits > 16) { /* 16 for weight below */
+ error("make_table()", "Bad table (5)\n");
++ exit(1);
++ }
+
+ /* shift data for make table. */
+ m = 16 - tablebits;
+@@ -53,7 +62,7 @@ make_table(nchar, bitlen, tablebits, tab
+
+ /* initialize */
+ j = start[tablebits + 1] >> m;
+- k = 1 << tablebits;
++ k = MIN(1 << tablebits, 4096);
+ if (j != 0)
+ for (i = j; i < k; i++)
+ table[i] = 0;
+@@ -66,12 +75,19 @@ make_table(nchar, bitlen, tablebits, tab
+ l = start[k] + weight[k];
+ if (k <= tablebits) {
+ /* code in table */
++ l = MIN(l, 4096);
+ for (i = start[k]; i < l; i++)
+ table[i] = j;
+ }
+ else {
+ /* code not in table */
+- p = &table[(i = start[k]) >> m];
++ i = start[k];
++ if ((i >> m) > 4096) {
++ /* CVE-2006-4337 */
++ error("Bad table (case c)");
++ exit(1);
++ }
++ p = &table[i >> m];
+ i <<= tablebits;
+ n = k - tablebits;
+ /* make tree (n length) */
diff --git a/archivers/lha/patches/patch-al b/archivers/lha/patches/patch-al
index 89be092037d..99778f921f0 100644
--- a/archivers/lha/patches/patch-al
+++ b/archivers/lha/patches/patch-al
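Review bot: The new guard `if ((i >> m) > 4096)` in the "code not in table" branch still lets an index of exactly 4096 through to `p = &table[i >> m]`, while the other two added bounds treat 4096 as exclusive (`k = MIN(1 << tablebits, 4096)` with `i < k`, and `l = MIN(l, 4096)` with `i < l`). If the table holds 4096 entries, as those clamps suggest, the comparison should be `if ((i >> m) >= 4096) {`; the table's declaration is not in the hunk, so confirm against it, and note that a fixed 4096 does not protect a caller that passes a smaller table. Separately, the added calls `error("Bad table (case a)")` and `error("Bad table (case c)")` pass one argument where the existing context line passes two (`error("make_table()", "Bad table (5)\n")`); if error() takes two parameters, the new calls should use the same form. make_table's body starts and ends outside these hunks.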
@@ -1,6 +1,6 @@ -$NetBSD: patch-al,v 1.1 2005/10/03 11:20:55 joerg Exp $ +$NetBSD: patch-al,v 1.2 2006/12/03 03:09:46 obache Exp $ ---- src/lha_macro.h.orig 2005-07-22 14:26:32.000000000 +0000 +--- src/lha_macro.h.orig 2000-10-04 23:57:38.000000000 +0900 +++ src/lha_macro.h @@ -68,7 +68,6 @@ extern char *realloc(); #endif @@ -10,3 +10,12 @@ $NetBSD: patch-al,v 1.1 2005/10/03 11:20:55 joerg Exp $ #define FALSE 0 #define TRUE 1 +@@ -324,6 +323,8 @@ typedef short node; + /* Individual macro define */ + /* ------------------------------------------------------------------------ */ + ++#define MIN(a,b) ((a) <= (b) ? (a) : (b)) ++ + /* from crcio.c */ + #define CRCPOLY 0xA001 /* CRC-16 */ + #define UPDATE_CRC(c) crc = crctable[(crc ^ (c)) & 0xFF] ^ (crc >> CHAR_BIT) |
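Review bot: `#define MIN(a,b) ((a) <= (b) ? (a) : (b))` is added to lha_macro.h with no guard and no comment, and MIN is a name that system headers such as <sys/param.h> commonly define already. Whether lha_macro.h or the files including it pull in such a header is not visible here, but wrapping the definition as `#ifndef MIN` / `#define MIN(a,b) ((a) <= (b) ? (a) : (b))` / `#endif` avoids a redefinition diagnostic either way. A one-line comment such as `/* evaluates each argument twice; do not pass expressions with side effects */` would document the usual macro hazard; the uses added in this commit (`MIN(n, NPT)`, `MIN(1 << tablebits, 4096)`, `MIN(l, 4096)`) are safe in that respect.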