Hi KiBi,

On 02.07.2017 23:25, Cyril Brulebois wrote:
> Control: tag -1 confirmed
>
> Hi Felix,
>
> Felix Geyer <[email protected]> (2017-06-29):
>> I'd like to fix CVE-2012-6706 in stretch, see #865461 for details.
>> debdiff is attached.
>
> This looks good to me, feel free to upload; thanks.

Uploaded, thanks! >> +--- unrar-nonfree-5.3.2.orig/unpack.hpp >> ++++ unrar-nonfree-5.3.2/unpack.hpp >> +@@ -13,6 +13,12 @@ >> + // from two data blocks. >> + #define MAX3_UNPACK_FILTERS 8192 >> + >> ++// Limit maximum number of channels in RAR3 delta filter to some reasonable >> ++// value to prevent too slow processing of corrupt archives with invalid >> ++// channels number. Must be equal or larger than v3_MAX_FILTER_CHANNELS. >> ++// No need to provide it for RAR5, which uses only 5 bits to store >> channels. >> ++#define MAX3_UNPACK_CHANNELS 1024 >> ++ >> + // Write data in 4 MB or smaller blocks. Must not exceed PACK_MAX_WRITE, >> + // so we keep number of buffered filter in unpacker reasonable. >> + #define UNPACK_MAX_WRITE 0x400000 > > (Funny to see a new definition for MAX3_UNPACK_CHANNELS but not for the > hardcoded 128. But I suppose this might be an artefact of backporting > the fix from a new upstream. Not a huge deal anyway.) It's the same in the upstream 5.5.5 code. Incidentally there is also no MAX_FILTER_CHANNELS constant defined ... Felix
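
Review bot: in the unpack.hpp hunk, the new comment says MAX3_UNPACK_CHANNELS "Must be equal or larger than v3_MAX_FILTER_CHANNELS", but no constant of that name is defined in the quoted lines, and the replies note that the other limit is a hardcoded 128 with no MAX_FILTER_CHANNELS constant defined. The stated invariant therefore rests only on a comment. Suggest defining the referenced constant next to MAX3_UNPACK_CHANNELS (or rewording the comment to name the literal value it refers to) and adding a compile-time check that 1024 is not smaller than it, so the two limits cannot drift apart in a later backport.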

