pool/unzip
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 574312 from Archiving

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/574312
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unzip?expand=0&rev=41
This commit is contained in:
Dominique Leuenberger 2018-02-10 16:53:01 +00:00 committed by Git OBS Bridge
commit 27174ed16b
4 changed files with 49 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2018-1000035.patch Normal file
View File

@ -0,0 +1,39 @@
From: <kbabioch@suse.com>
Date: Thu Feb 8 15:10:03 CET 2018
Upstream: merged
References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548
Index: fileio.c
===================================================================
--- fileio.c.orig
+++ fileio.c
@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
int r = IZ_PW_ENTERED;
char *m;
char *prompt;
-
+ char *zfnf;
+ char *efnf;
+ size_t zfnfl;
+ int isOverflow;
+
#ifndef REENTRANT
/* tell picky compilers to shut up about "unused variable" warnings */
pG = pG;
@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
if (*rcnt == 0) { /* First call for current entry */
*rcnt = 2;
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+ zfnf = FnFilter1(zfn);
+ efnf = FnFilter2(efn);
+ zfnfl = strlen(zfnf);
+ isOverflow = TRUE;
+ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+ {
+ isOverflow = FALSE;
+ }
+ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
sprintf(prompt, LoadFarString(PasswPrompt),
FnFilter1(zfn), FnFilter2(efn));
m = prompt;

2
unzip-rcc.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package unzip-rcc # spec file for package unzip-rcc
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed

6
unzip.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Feb 8 14:11:25 UTC 2018 - kbabioch@suse.com
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com

4
unzip.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package unzip # spec file for package unzip
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -56,6 +56,7 @@ Patch15: CVE-2015-7696.patch
Patch16: CVE-2015-7697.patch Patch16: CVE-2015-7697.patch
Patch17: CVE-2016-9844.patch Patch17: CVE-2016-9844.patch
Patch18: CVE-2014-9913.patch Patch18: CVE-2014-9913.patch
Patch19: CVE-2018-1000035.patch
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(preun): update-alternatives Requires(preun): update-alternatives
Recommends: %{_name}-doc Recommends: %{_name}-doc
@ -98,6 +99,7 @@ functionality. This version can also extract encrypted archives.
%patch16 -p1 %patch16 -p1
%patch17 -p1 %patch17 -p1
%patch18 -p1 %patch18 -p1
%patch19 -p0
%build %build
export RPM_OPT_FLAGS="%{optflags} \ export RPM_OPT_FLAGS="%{optflags} \