CVE-2020-27350: debfile: integer overflow: Limit control size to 64 MiB

Like the code in arfile.cc, MemControlExtract also has buffer overflows, in code allocating memory for parsing control files. Specify an upper limit of 64 MiB for control files to both protect against the Size overflowing (we allocate Size + 2 bytes), and protect a bit against control files consisting only of zeroes.
author: Julian Andres Klode <julian.klode@canonical.com> 2020-12-05 20:17:56 +0100
committer: Julian Andres Klode <julian.klode@canonical.com> 2020-12-09 17:30:43 +0100
commit: 0444f9dd52c2bc7bec315f6f1ecad76a30713fa0 (patch)
tree: 829adb6ab6b082ed027f3a64c2d489bc6d330a4a /test/interactive-helper
parent: 822db13d68658a1a20df2d19c688c18faa331616 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/test/interactive-helper/createdeb-cve-2020-27350.cc b/test/interactive-helper/createdeb-cve-2020-27350.cc
index 7c58eb9df..af049d4e8 100644
--- a/test/interactive-helper/createdeb-cve-2020-27350.cc
+++ b/test/interactive-helper/createdeb-cve-2020-27350.cc
@@ -303,6 +303,10 @@ int main(int argc, char *argv[])
    {
       createdeb_bigtarfilelength(fd, 'K');
    }
+   else if (strcmp(mode, "long-control") == 0)
+   {
+      createdeb_bigtarfilelength(fd, '0');
+   }
    else if (strcmp(mode, "test") == 0)
    {
       createdeb_test(fd);
author	Julian Andres Klode <julian.klode@canonical.com>	2020-12-05 20:17:56 +0100
committer	Julian Andres Klode <julian.klode@canonical.com>	2020-12-09 17:30:43 +0100
commit	0444f9dd52c2bc7bec315f6f1ecad76a30713fa0 (patch)
tree	829adb6ab6b082ed027f3a64c2d489bc6d330a4a /test/interactive-helper
parent	822db13d68658a1a20df2d19c688c18faa331616 (diff)