Hi,

I've fixed this bug. Please see the attachments: the patch and the
autopkgtest scripts.

Yours,
Paul

-- 
                                PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) <paul...@debian.org>
Description: This patch fixes CVE-2017-14121
 CVE-2017-14121 describes a NULL pointer dereference vulnerability.
Author: Ying-Chun Liu (PaulLiu) <paul...@debian.org>
Bug-Debian: https://bugs.debian.org/874061
Last-Update: 2017-10-14

Index: unrar-free-0.0.1+cvs20140707/src/unrarlib.c
===================================================================
--- unrar-free-0.0.1+cvs20140707.orig/src/unrarlib.c
+++ unrar-free-0.0.1+cvs20140707/src/unrarlib.c
@@ -1651,6 +1651,8 @@ DecodeNumber (struct Decode *Deco)
 
 #else
   N = BitField & 0xFFFE;
+  if (!Deco->DecodeLen)
+    return;
   if (N < Deco->DecodeLen[8])
     {
       if (N < Deco->DecodeLen[4])
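Review bot: The added guard `if (!Deco->DecodeLen)` already dereferences `Deco`, so a NULL `Deco` is not covered, and if `DecodeLen` is declared as an array member of `struct Decode` (the declaration is outside this hunk) the test can never be true. If the NULL pointer behind CVE-2017-14121 is `Deco` itself, the check would need to be `if (!Deco) return;` placed before the first use. The bare `return;` also gives the caller no failure indication, so whatever the function normally produces keeps its previous value; that deserves at least a comment such as `/* no decode table (crafted archive): output left unchanged */`, or an explicit error path. The guard sits only in the `#else` branch, and the branch before it is not visible here and may need the same check. DecodeNumber's body starts and ends outside this hunk.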
#!/bin/sh
#
# Test CVE-2017-14121

setUp() {
        # Recreate the crafted archive for CVE-2017-14121 before each test.
        # The payload is kept base64-encoded so the script stays plain text;
        # the "-" output name in the begin line sends the decoded bytes to
        # stdout, and the redirect supplies the file name.
        # uudecode must be available in the test environment.
        uudecode <<'EOF' >unrar-gpl-nullptr.rar
begin-base64 644 -
UmFyIRoHAM+QcwAADQAAAAAAAABvvXQAgCUABQAAAAUAAAAAm7HC/4+CR0YU
AAAAAAAAb70=
====
EOF
}

tearDown() {
        # Drop the decoded fixture; -f keeps this quiet if setUp never created it.
        rm -f -- unrar-gpl-nullptr.rar
}

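testList() {
        # Listing the crafted archive must finish cleanly under valgrind.
        # --error-exitcode=121 makes valgrind return 121 when it reports a
        # memory error, so a status of 0 means no valgrind error and a
        # successful exit from unrar-free.
        # The command is kept on one line: split in two, the archive name would
        # be run as a separate command and never reach unrar-free.
        valgrind --error-exitcode=121 --track-origins=yes unrar-free --list unrar-gpl-nullptr.rar
        assertEquals "Valgrind status code" 0 $?
}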

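testExtract() {
        # Step 1: extract the crafted archive under catchsegv and keep
        # everything it prints. The redirect target stays on the same line as
        # the command; split across lines, the redirection has no target and
        # the log is never written.
        catchsegv unrar-free --extract unrar-gpl-nullptr.rar > "$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log 2>&1

        # grep exits 0 only when the crash banner is in the log, so this
        # assertion passes when no segmentation fault was recorded.
        # NOTE(review): grep also exits non-zero when the log is missing or
        # when catchsegv itself is not installed (newer glibc releases no
        # longer ship it), so this half can pass without unrar-free having
        # run. The leading asterisks are read as a basic regular expression,
        # not as three literal stars.
        grep -q '*** Segmentation fault' "$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log
        assertNotEquals "catchsegv value" 0 $?

        # Step 2: repeat the extraction under valgrind. 121 is the status
        # valgrind returns when it reports a memory error; any other status
        # is accepted here.
        # NOTE(review): a run killed by a signal may not return 121 either;
        # confirm that this assertion catches the crash case.
        valgrind --error-exitcode=121 --track-origins=yes unrar-free --extract unrar-gpl-nullptr.rar
        assertNotEquals "Valgrind status code" 121 $?
}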

# Source shunit2 last: it picks up setUp, tearDown and the test* functions
# defined earlier in this script and runs them.
. /usr/bin/shunit2
