Hi,

I've fixed this bug. Please see the attachment. The patch and the autopkgtest scripts.

Yours,
Paul

--
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) <paul...@debian.org>
Description: This patch fixes CVE-2017-14121 CVE-2017-14121 describes a security issue about null pointer dereference vulnerability. Author: Ying-Chun Liu (PaulLiu) <paul...@debian.org> Bug-Debian: https://bugs.debian.org/874061 Last-Update: 2017-10-14 Index: unrar-free-0.0.1+cvs20140707/src/unrarlib.c =================================================================== --- unrar-free-0.0.1+cvs20140707.orig/src/unrarlib.c +++ unrar-free-0.0.1+cvs20140707/src/unrarlib.c @@ -1651,6 +1651,8 @@ DecodeNumber (struct Decode *Deco) #else N = BitField & 0xFFFE; + if (!Deco->DecodeLen) + return; if (N < Deco->DecodeLen[8]) { if (N < Deco->DecodeLen[4])
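Review bot: The new guard in DecodeNumber() tests `Deco->DecodeLen`, but it has to dereference `Deco` to do so, so a NULL `Deco` is still not caught; and if `DecodeLen` is an array member of `struct Decode` (it is indexed as `DecodeLen[8]` and `DecodeLen[4]` just below) rather than a pointer, `!Deco->DecodeLen` can never be true. Please check `Deco` itself, for example `if (!Deco || !Deco->DecodeLen)`, and say in the Description which pointer is NULL in the crash. The bare `return;` also gives the caller no sign that nothing was decoded, so the caller goes on with whatever value it already held; an error indication that the caller checks would be safer than a silent return.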
#!/bin/sh
#
# Test CVE-2017-14121

# Write the crafted archive used by both tests.
setUp() {
    uudecode > unrar-gpl-nullptr.rar <<EOF
begin-base64 644 -
UmFyIRoHAM+QcwAADQAAAAAAAABvvXQAgCUABQAAAAUAAAAAm7HC/4+CR0YU
AAAAAAAAb70=
====
EOF
}

tearDown() {
    rm -f unrar-gpl-nullptr.rar
}

# Listing the archive must not produce any valgrind error.
testList() {
    valgrind --error-exitcode=121 --track-origins=yes unrar-free --list unrar-gpl-nullptr.rar
    assertEquals "Valgrind status code" 0 $?
}

# Extraction must not segfault, and valgrind must not exit with its error code (121).
testExtract() {
    catchsegv unrar-free --extract unrar-gpl-nullptr.rar > "$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log 2>&1
    grep -q '*** Segmentation fault' "$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log
    assertNotEquals "catchsegv value" 0 $?
    valgrind --error-exitcode=121 --track-origins=yes unrar-free --extract unrar-gpl-nullptr.rar
    assertNotEquals "Valgrind status code" 121 $?
}

. /usr/bin/shunit2