diff options
author | Leo <thinkabit.ukim@gmail.com> | 2020-03-15 19:59:15 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-15 23:22:51 -0300 |
commit | c2274e2a2c1ca5483b797a79854cb460f7607a0f (patch) | |
tree | e5e93d0eeb26b8d12b2d12e547738ad52365dc46 | |
parent | 101d06c973ccdc4688ca75bdb33538058c3c611c (diff) |
main/lz4: fix CVE-2019-17543
see #10919
-rw-r--r-- | main/lz4/APKBUILD | 13 | ||||
-rw-r--r-- | main/lz4/CVE-2019-17543.patch | 77 |
2 files changed, 87 insertions, 3 deletions
diff --git a/main/lz4/APKBUILD b/main/lz4/APKBUILD index ab7adf94f4d..05badb02245 100644 --- a/main/lz4/APKBUILD +++ b/main/lz4/APKBUILD @@ -2,16 +2,22 @@ # Maintainer: Stuart Cardall <developer@it-offshore.co.uk> pkgname=lz4 pkgver=1.9.1 -pkgrel=0 +pkgrel=1 pkgdesc="LZ4 is lossless compression algorithm with fast decoder @ multiple GB/s per core." url="https://github.com/lz4/lz4" arch="all" license="BSD-2-Clause GPL-2.0-only" checkdepends="diffutils" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-tests:tests" -source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz + CVE-2019-17543.patch + " builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 1.9.1-r1: +# - CVE-2019-17543 + build() { cd "$builddir" make PREFIX="/usr" @@ -34,4 +40,5 @@ package() { make PREFIX="/usr" DESTDIR="$pkgdir" install } -sha512sums="536cdeb6dd73b4769cf9501ad312b004ab01699758534b47ca2eddbc815fd374a3caba40cde36f73a7a70e134065836b733e2b0c023c31740b877ef9317ccf3e lz4-1.9.1.tar.gz" +sha512sums="536cdeb6dd73b4769cf9501ad312b004ab01699758534b47ca2eddbc815fd374a3caba40cde36f73a7a70e134065836b733e2b0c023c31740b877ef9317ccf3e lz4-1.9.1.tar.gz +814a5319b220783e1f2c435797aada7a9aafee30b18ae850e293b0001068200b53620f668f8ef9c2822b2694020809c54a36671e26bae4fcebe11c903a4ba09f CVE-2019-17543.patch" diff --git a/main/lz4/CVE-2019-17543.patch b/main/lz4/CVE-2019-17543.patch new file mode 100644 index 00000000000..f8c03d27a5a --- /dev/null +++ b/main/lz4/CVE-2019-17543.patch @@ -0,0 +1,77 @@ +diff --git a/lib/lz4.c b/lib/lz4.c +index e614c45..7572344 100644 +--- a/lib/lz4.c ++++ b/lib/lz4.c +@@ -643,6 +643,18 @@ LZ4_FORCE_INLINE U32 LZ4_hashPosition(const void* const p, tableType_t const tab + return LZ4_hash4(LZ4_read32(p), tableType); + } + ++static void LZ4_clearHash(U32 h, void* tableBase, tableType_t const tableType) ++{ ++ switch (tableType) ++ { ++ default: /* fallthrough */ ++ case clearedTable: { /* illegal! */ assert(0); return; } ++ case byPtr: { const BYTE** hashTable = (const BYTE**)tableBase; hashTable[h] = NULL; return; } ++ case byU32: { U32* hashTable = (U32*) tableBase; hashTable[h] = 0; return; } ++ case byU16: { U16* hashTable = (U16*) tableBase; hashTable[h] = 0; return; } ++ } ++} ++ + static void LZ4_putIndexOnHash(U32 idx, U32 h, void* tableBase, tableType_t const tableType) + { + switch (tableType) +@@ -841,6 +853,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic( + for ( ; ; ) { + const BYTE* match; + BYTE* token; ++ const BYTE* filledIp; + + /* Find a match */ + if (tableType == byPtr) { +@@ -923,6 +936,7 @@ LZ4_FORCE_INLINE int LZ4_compress_generic( + } + + /* Catch up */ ++ filledIp = ip; + while (((ip>anchor) & (match > lowLimit)) && (unlikely(ip[-1]==match[-1]))) { ip--; match--; } + + /* Encode Literals */ +@@ -1002,12 +1016,26 @@ _next_match: + } + + if ((outputDirective) && /* Check output buffer overflow */ +- (unlikely(op + (1 + LASTLITERALS) + (matchCode>>8) > olimit)) ) { ++ (unlikely(op + (1 + LASTLITERALS) + (matchCode+240)/255 > olimit)) ) { + if (outputDirective == fillOutput) { + /* Match description too long : reduce it */ +- U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 2 - 1 - LASTLITERALS) * 255; ++ U32 newMatchCode = 15 /* in token */ - 1 /* to avoid needing a zero byte */ + ((U32)(olimit - op) - 1 - LASTLITERALS) * 255; + ip -= matchCode - newMatchCode; ++ assert(newMatchCode < matchCode); + matchCode = newMatchCode; ++ if (unlikely(ip < filledIp)) { ++ /* We have already filled up to filledIp so if ip ends up less than filledIp ++ * we have positions in the hash table beyond the current position. This is ++ * a problem if we reuse the hash table. So we have to remove these positions ++ * from the hash table. ++ */ ++ const BYTE* ptr; ++ DEBUGLOG(5, "Clearing %u positions", (U32)(filledIp - ip)); ++ for (ptr = ip; ptr <= filledIp; ++ptr) { ++ U32 const h = LZ4_hashPosition(ptr, tableType); ++ LZ4_clearHash(h, cctx->hashTable, tableType); ++ } ++ } + } else { + assert(outputDirective == limitedOutput); + return 0; /* cannot compress within `dst` budget. Stored indexes in hash table are nonetheless fine */ +@@ -1027,6 +1055,8 @@ _next_match: + } else + *token += (BYTE)(matchCode); + } ++ /* Ensure we have enough space for the last literals. */ ++ assert(!(outputDirective == fillOutput && op + 1 + LASTLITERALS > olimit)); + + anchor = ip; + |