pool/zlib
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5d69be23dd
zlib/CVE-2023-45853.patch
Danilo Spinella 22d97a578b Accepting request 1119078 from home:dspinella:branches:devel:libraries:c_c++ 
- Update to 1.3:
  * Building using K&R (pre-ANSI) function definitions is no longer supported.
  * Fixed a bug in deflateBound() for level 0 and memLevel 9.
  * Fixed a bug when gzungetc() is used immediately after gzopen().
  * Fixed a bug when using gzflush() with a very small buffer.
  * Fixed a crash when gzsetparams() is attempted for a transparent write.
  * Fixed test/example.c to work with FORCE_STORED.
  * Fixed minizip to allow it to open an empty zip file.
  * Fixed reading disk number start on zip64 files in minizip.
  * Fixed a logic error in minizip argument processing. 
- Added patches:
  * zlib-1.3-IBM-Z-hw-accelerated-deflate-s390x.patch
- Refreshed patches:
  * zlib-1.2.12-add-optimized-slide_hash-for-power.patch
  * zlib-1.2.12-add-vectorized-longest_match-for-power.patch
  * zlib-1.2.12-adler32-vector-optimizations-for-power.patch
  * zlib-1.2.13-optimized-s390.patch
  * zlib-format.patch
  * zlib-no-version-check.patch
- Removed patches:
  * bsc1210593.patch
  * zlib-1.2.13-fix-bug-deflateBound.patch
  * zlib-1.2.12-s390-vectorize-crc32.patch
  * zlib-1.2.13-IBM-Z-hw-accelerated-deflate-s390x.patch
  * zlib-1.2.12-add-optimized-slide_hash-for-power.patch
  * zlib-1.2.12-fix-invalid-memory-access-on-ppc-and-ppc64.patch
  * zlib-1.2.12-add-vectorized-longest_match-for-power.patch
  * zlib-1.2.12-adler32-vector-optimizations-for-power.patch
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
  overflow in zipOpenNewFileInZip4_6, bsc#1216378

OBS-URL: https://build.opensuse.org/request/show/1119078
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zlib?expand=0&rev=95
2023-10-19 16:28:40 +00:00

39 lines
1.5 KiB
Diff
Raw Blame History

From 431e66398552effd82d5c0ea982a521821782ebd Mon Sep 17 00:00:00 2001
From: Hans Wennborg <hans@chromium.org>
Date: Fri, 18 Aug 2023 11:05:33 +0200
Subject: [PATCH] minizip: Check length of comment, filename, and extra field,
in zipOpenNewFileInZip4_64
These are stored in 16-bit fields in the zip file format. Passing longer
values would generate an invalid file.
Passing very long values could also cause the computation of
zi->ci.size_centralheader to overflow, which would cause heap buffer
overflow on subsequent writes to zi->ci.central_header.
---
contrib/minizip/zip.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
index 3d3d4cadd..0446109b2 100644
--- a/contrib/minizip/zip.c
+++ b/contrib/minizip/zip.c
@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
return ZIP_PARAMERROR;
#endif
+ // The filename and comment length must fit in 16 bits.
+ if ((filename!=NULL) && (strlen(filename)>0xffff))
+ return ZIP_PARAMERROR;
+ if ((comment!=NULL) && (strlen(comment)>0xffff))
+ return ZIP_PARAMERROR;
+ // The extra field length must fit in 16 bits. If the member also requires
+ // a Zip64 extra block, that will also need to fit within that 16-bit
+ // length, but that will be checked for later.
+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
+ return ZIP_PARAMERROR;
+
zi = (zip64_internal*)file;
if (zi->in_opened_file_inzip == 1)
Reference in New Issue View Git Blame Copy Permalink