Skip to content

Commit 05caadc

Browse files
committed
Issue 719: Fix for TALOS-CAN-154
A RAR file with an invalid zero dictionary size was not being rejected, leading to a zero-sized allocation for the dictionary storage which was then overwritten during the dictionary initialization. Thanks to the Open Source and Threat Intelligence project at Cisco for reporting this.
1 parent e79ef30 commit 05caadc

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

Diff for: libarchive/archive_read_support_format_rar.c

+6
Original file line numberDiff line numberDiff line change
@@ -2127,6 +2127,12 @@ parse_codes(struct archive_read *a)
21272127
rar->range_dec.Stream = &rar->bytein;
21282128
__archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context);
21292129

2130+
if (rar->dictionary_size == 0) {
2131+
archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2132+
"Invalid zero dictionary size");
2133+
return (ARCHIVE_FATAL);
2134+
}
2135+
21302136
if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context,
21312137
rar->dictionary_size, &g_szalloc))
21322138
{

0 commit comments

Comments
 (0)