pool/unzip
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3f03a2580c
unzip/CVE-2018-1000035.patch

40 lines
1.3 KiB
Diff
Raw Normal View History

Accepting request 574265 from home:kbabioch:branches:Archiving - Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035 bsc#1080074) OBS-URL: https://build.opensuse.org/request/show/574265 OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=45
2018-02-08 17:00:23 +01:00
From: <kbabioch@suse.com>
Date: Thu Feb 8 15:10:03 CET 2018
Upstream: merged
References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548
Index: fileio.c
===================================================================
--- fileio.c.orig
+++ fileio.c
@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
int r = IZ_PW_ENTERED;
char *m;
char *prompt;
-
+ char *zfnf;
+ char *efnf;
+ size_t zfnfl;
+ int isOverflow;
+
#ifndef REENTRANT
/* tell picky compilers to shut up about "unused variable" warnings */
pG = pG;
@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
if (*rcnt == 0) { /* First call for current entry */
*rcnt = 2;
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+ zfnf = FnFilter1(zfn);
+ efnf = FnFilter2(efn);
+ zfnfl = strlen(zfnf);
+ isOverflow = TRUE;
+ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+ {
+ isOverflow = FALSE;
+ }
+ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
sprintf(prompt, LoadFarString(PasswPrompt),
FnFilter1(zfn), FnFilter2(efn));
m = prompt;
Reference in New Issue Copy Permalink