Accepting request 574265 from home:kbabioch:branches:Archiving

- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035 bsc#1080074) OBS-URL: https://build.opensuse.org/request/show/574265 OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=45
2018-02-08 16:00:23 +00:00 · 2018-02-08 16:00:23 +00:00 · 3f03a2580c
commit 3f03a2580c
parent 14570ef165
4 changed files with 49 additions and 2 deletions
--- a/CVE-2018-1000035.patch
+++ b/CVE-2018-1000035.patch
@ -0,0 +1,39 @@
+From: <kbabioch@suse.com>
+Date: Thu Feb  8 15:10:03 CET 2018
+Upstream: merged
+References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548
+
+Index: fileio.c
+===================================================================
+--- fileio.c.orig
+++ fileio.c
+@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
+     int r = IZ_PW_ENTERED;
+     char *m;
+     char *prompt;
+-
+    char *zfnf;
+    char *efnf;
+    size_t zfnfl;
+    int isOverflow;
+    
+ #ifndef REENTRANT
+     /* tell picky compilers to shut up about "unused variable" warnings */
+     pG = pG;
+@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
+ 
+     if (*rcnt == 0) {           /* First call for current entry */
+         *rcnt = 2;
+-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+        zfnf = FnFilter1(zfn);
+        efnf = FnFilter2(efn);
+        zfnfl = strlen(zfnf);
+        isOverflow = TRUE;
+        if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+        {
+		isOverflow = FALSE;
+        }
+        if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
+             sprintf(prompt, LoadFarString(PasswPrompt),
+                     FnFilter1(zfn), FnFilter2(efn));
+             m = prompt;
--- a/unzip-rcc.spec
+++ b/unzip-rcc.spec
@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
--- a/unzip.changes
+++ b/unzip.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb  8 14:11:25 UTC 2018 - kbabioch@suse.com
+
+- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in 
+  password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
+
 -------------------------------------------------------------------
 Thu Jul  6 13:25:44 UTC 2017 - nico.kruber@gmail.com

--- a/unzip.spec
+++ b/unzip.spec
@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -56,6 +56,7 @@ Patch15:        CVE-2015-7696.patch
 Patch16:        CVE-2015-7697.patch
 Patch17:        CVE-2016-9844.patch
 Patch18:        CVE-2014-9913.patch
+Patch19:        CVE-2018-1000035.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends:     %{_name}-doc
@ -98,6 +99,7 @@ functionality. This version can also extract encrypted archives.
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p0

 %build
 export RPM_OPT_FLAGS="%{optflags} \