From: Bertrand Marc <bmarc@debian.org>
Subject: CVE-2017-15602

Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
Origin: https://gnunet.org/git/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc
--- a/src/plugins/nsfe_extractor.c
+++ b/src/plugins/nsfe_extractor.c
@@ -374,7 +374,9 @@
 		    8))
 	break;
       chunksize = nsfeuint (data);
-      off += 8 + chunksize;
+      if (off + chunksize + 8LLU <= off)
+        break; /* protect against looping */
+      off += 8LLU + chunksize;
       if (0 == memcmp (data + 4, "INFO", 4))
         ret = info_extract (ec, chunksize);        
       else if (0 == memcmp (data + 4, "auth", 4))