From f4185f01cbd9d5cfaf69eac5d87e247a7746f6c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucio=20Andr=C3=A9s=20Illanes=20Albornoz=20=28arab=2C=20vx?=
 =?UTF-8?q?p=29?= <lucio@lucioillanes.de>
Date: Sat, 5 May 2018 17:00:46 +0000
Subject: patches/libarchive-3.3.2.local.patch: merges CVE-2017-14166.patch
 from [1] (via Redfoxmon.)

References:
Sat, 05 May 2018 17:01:11 +0000 [1] <https://git.alpinelinux.org/cgit/aports/tree/main/libarchive/CVE-2017-14166.patch>
---
 patches/libarchive-3.3.2.local.patch | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

(limited to 'patches')

diff --git a/patches/libarchive-3.3.2.local.patch b/patches/libarchive-3.3.2.local.patch
index 5ab5610a..7bf80662 100644
--- a/patches/libarchive-3.3.2.local.patch
+++ b/patches/libarchive-3.3.2.local.patch
@@ -10,3 +10,39 @@
  #include <stdlib.h> /* malloc, free */
  #include <string.h> /* memset */
  static inline HMAC_CTX *HMAC_CTX_new(void)
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+---
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d..93eeacc5e 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ 	uint64_t l;
+ 	int digit;
+ 
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	digit = *p - '0';
+ 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ 	int64_t l;
+ 	int digit;
+-        
++
++	if (char_cnt == 0)
++		return (0);
++
+ 	l = 0;
+ 	while (char_cnt-- > 0) {
+ 		if (*p >= '0' && *p <= '7')
-- 
cgit v1.2.3