components/archiver/p7zip/patches/04-CVE-2018-10115.patch

   1 Patch based on analysis of the fix in upstream 7-zip at
   2
   3     https://landave.io/files/patch_7zip_CVE-2018-10115.txt
   4
   5 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar1Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp
   6 --- p7zip_16.02~/CPP/7zip/Compress/Rar1Decoder.cpp      2018-05-02 15:06:58.034027678 +0000
   7 +++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp       2018-05-02 15:06:58.162661972 +0000
   8 @@ -29,7 +29,12 @@ public:
   9  };
  10  */
  11
  12 -CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { }
  13 +CDecoder::CDecoder():
  14 +       m_IsSolid(false),
  15 +       m_solidAllowed(false),
  16 +       _errorMode(false)
  17 +{
  18 +}
  19
  20  void CDecoder::InitStructures()
  21  {
  22 @@ -391,6 +396,11 @@ HRESULT CDecoder::CodeReal(ISequentialIn
  23    if (inSize == NULL || outSize == NULL)
  24      return E_INVALIDARG;
  25
  26 +  if (m_IsSolid && !m_solidAllowed)
  27 +     return S_FALSE;
  28 +
  29 +  m_solidAllowed = false;
  30 +
  31    if (!m_OutWindowStream.Create(kHistorySize))
  32      return E_OUTOFMEMORY;
  33    if (!m_InBitStream.Create(1 << 20))
  34 @@ -473,6 +483,7 @@ HRESULT CDecoder::CodeReal(ISequentialIn
  35        }
  36      }
  37    }
  38 +  m_solidAllowed = true;
  39    if (m_UnpackSize < 0)
  40      return S_FALSE;
  41    return m_OutWindowStream.Flush();
  42 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar1Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h
  43 --- p7zip_16.02~/CPP/7zip/Compress/Rar1Decoder.h        2018-05-02 15:06:58.034273736 +0000
  44 +++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h 2018-05-02 15:06:58.162871572 +0000
  45 @@ -39,6 +39,7 @@ public:
  46
  47    Int64 m_UnpackSize;
  48    bool m_IsSolid;
  49 +  bool m_solidAllowed;
  50    bool _errorMode;
  51
  52    UInt32 ReadBits(int numBits);
  53 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar2Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp
  54 --- p7zip_16.02~/CPP/7zip/Compress/Rar2Decoder.cpp      2018-05-02 15:06:58.034541629 +0000
  55 +++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp       2018-05-02 15:06:58.163128844 +0000
  56 @@ -81,6 +81,7 @@ static const UInt32 kWindowReservSize =
  57
  58  CDecoder::CDecoder():
  59    m_IsSolid(false),
  60 +  m_solidAllowed(false),
  61    m_TablesOK(false)
  62  {
  63  }
  64 @@ -320,6 +321,10 @@ HRESULT CDecoder::CodeReal(ISequentialIn
  65    if (inSize == NULL || outSize == NULL)
  66      return E_INVALIDARG;
  67
  68 +  if (m_IsSolid && !m_solidAllowed)
  69 +    return S_FALSE;
  70 +  m_solidAllowed = false;
  71 +
  72    if (!m_OutWindowStream.Create(kHistorySize))
  73      return E_OUTOFMEMORY;
  74    if (!m_InBitStream.Create(1 << 20))
  75 @@ -343,6 +348,7 @@ HRESULT CDecoder::CodeReal(ISequentialIn
  76        if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect;
  77          if (!ReadTables())
  78            return S_FALSE;
  79 +      m_solidAllowed = true;
  80        return S_OK;
  81      }
  82      if (!ReadTables())
  83 @@ -386,6 +392,7 @@ HRESULT CDecoder::CodeReal(ISequentialIn
  84
  85    if (!ReadLastTables())
  86      return S_FALSE;
  87 +  m_solidAllowed = true;
  88    return m_OutWindowStream.Flush();
  89  }
  90
  91 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar2Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h
  92 --- p7zip_16.02~/CPP/7zip/Compress/Rar2Decoder.h        2018-05-02 15:06:58.034736908 +0000
  93 +++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h 2018-05-02 15:06:58.163323313 +0000
  94 @@ -139,6 +139,7 @@ class CDecoder :
  95
  96    UInt64 m_PackSize;
  97    bool m_IsSolid;
  98 +  bool m_solidAllowed;
  99    bool m_TablesOK;
 100
 101    void InitStructures();
 102 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar3Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp
 103 --- p7zip_16.02~/CPP/7zip/Compress/Rar3Decoder.cpp      2018-05-02 15:06:58.035151069 +0000
 104 +++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp       2018-05-02 15:06:58.163692811 +0000
 105 @@ -93,6 +93,7 @@ CDecoder::CDecoder():
 106    _vmData(0),
 107    _vmCode(0),
 108    m_IsSolid(false),
 109 +  m_solidAllowed(false),
 110    _errorMode(false)
 111  {
 112    Ppmd7_Construct(&_ppmd);
 113 @@ -845,7 +846,10 @@ HRESULT CDecoder::CodeReal(ICompressProg
 114      bool keepDecompressing;
 115      RINOK(ReadTables(keepDecompressing));
 116      if (!keepDecompressing)
 117 +    {
 118 +      m_solidAllowed = true;
 119        return S_OK;
 120 +    }
 121    }
 122
 123    for (;;)
 124 @@ -870,6 +874,7 @@ HRESULT CDecoder::CodeReal(ICompressProg
 125      if (!keepDecompressing)
 126        break;
 127    }
 128 +  m_solidAllowed = true;
 129    RINOK(WriteBuf());
 130    UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize();
 131    RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize));
 132 @@ -890,6 +895,10 @@ STDMETHODIMP CDecoder::Code(ISequentialI
 133      if (!inSize)
 134        return E_INVALIDARG;
 135
 136 +   if (m_IsSolid && !m_solidAllowed)
 137 +      return S_FALSE;
 138 +   m_solidAllowed = false;
 139 +
 140      if (!_vmData)
 141      {
 142        _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax);
 143 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar3Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h
 144 --- p7zip_16.02~/CPP/7zip/Compress/Rar3Decoder.h        2018-05-02 15:06:58.035371032 +0000
 145 +++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h 2018-05-02 15:06:58.163919947 +0000
 146 @@ -192,6 +192,7 @@ class CDecoder:
 147    UInt32 _lastFilter;
 148
 149    bool m_IsSolid;
 150 +  bool m_solidAllowed;
 151    bool _errorMode;
 152
 153    bool _lzMode;
 154 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar5Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.cpp
 155 --- p7zip_16.02~/CPP/7zip/Compress/Rar5Decoder.cpp      2016-05-20 08:20:04.000000000 +0000
 156 +++ p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.cpp       2018-05-02 15:06:58.164239702 +0000
 157 @@ -72,6 +72,7 @@ CDecoder::CDecoder():
 158      _writtenFileSize(0),
 159      _dictSizeLog(0),
 160      _isSolid(false),
 161 +    _solidAllowed(false),
 162      _wasInit(false),
 163      _inputBuf(NULL)
 164  {
 165 @@ -801,7 +802,10 @@ HRESULT CDecoder::CodeReal()
 166    */
 167
 168    if (res == S_OK)
 169 +  {
 170 +    _solidAllowed = true;
 171      res = res2;
 172 +  }
 173
 174    if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize)
 175      return S_FALSE;
 176 @@ -821,6 +825,9 @@ STDMETHODIMP CDecoder::Code(ISequentialI
 177  {
 178    try
 179    {
 180 +    if (_isSolid && !_solidAllowed)
 181 +        return S_FALSE;
 182 +    _solidAllowed = false;
 183      if (_dictSizeLog >= sizeof(size_t) * 8)
 184        return E_NOTIMPL;
 185
 186 diff -pruN '--exclude=*.orig' p7zip_16.02~/CPP/7zip/Compress/Rar5Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.h
 187 --- p7zip_16.02~/CPP/7zip/Compress/Rar5Decoder.h        2015-09-01 18:04:50.000000000 +0000
 188 +++ p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.h 2018-05-02 15:06:58.164455518 +0000
 189 @@ -271,6 +271,7 @@ class CDecoder:
 190    Byte _dictSizeLog;
 191    bool _tableWasFilled;
 192    bool _isSolid;
 193 +  bool _solidAllowed;
 194    bool _wasInit;
 195
 196    UInt32 _reps[kNumReps];