zziplib/CVE-2018-6484.patch

Index: zziplib-0.13.67/zzip/zip.c
===================================================================
--- zziplib-0.13.67.orig/zzip/zip.c
+++ zziplib-0.13.67/zzip/zip.c
@@ -320,6 +320,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
 #                  endif
 
                     __fixup_rootseek(offset + tail - mapped, trailer);
+		    /*
+		     * "extract data from files archived in a single zip file."
+		     * So the file offsets must be within the current ZIP archive!
+		     */
+		    if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+		        return(ZZIP_CORRUPTED);
                     { return(0); }
                 } else if ((*tail == 'P') &&
                            end - tail >=
@@ -338,6 +344,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
                         zzip_disk64_trailer_finalentries(orig);
                     trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
                     trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
+		    /*
+		     * "extract data from files archived in a single zip file."
+		     * So the file offsets must be within the current ZIP archive!
+		     */
+		    if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+		        return(ZZIP_CORRUPTED);
                     { return(0); }
 #                  endif
                 }
Index: zziplib-0.13.67/bins/unzzipcat-zip.c
===================================================================
--- zziplib-0.13.67.orig/bins/unzzipcat-zip.c
+++ zziplib-0.13.67/bins/unzzipcat-zip.c
@@ -78,7 +78,7 @@ static int unzzip_cat (int argc, char **
     
     disk = zzip_dir_open (argv[1], &error);
     if (! disk) {
-	perror(argv[1]);
+	fprintf(stderr, "%s: %s\n", argv[1], zzip_strerror(error));
 	return -1;
     }
Accepting request 571949 from home:jmoellers:branches:devel:libraries:c_c++ OBS-URL: https://build.opensuse.org/request/show/571949 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=23 2018-02-05 10:50:07 +00:00			`Index: zziplib-0.13.67/zzip/zip.c`
			`===================================================================`
			`--- zziplib-0.13.67.orig/zzip/zip.c`
			`+++ zziplib-0.13.67/zzip/zip.c`
			`@@ -320,6 +320,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o`
			`# endif`

			`__fixup_rootseek(offset + tail - mapped, trailer);`
			`+ /*`
			`+ * "extract data from files archived in a single zip file."`
			`+ * So the file offsets must be within the current ZIP archive!`
			`+ */`
			`+ if (trailer->zz_rootseek >= filesize \|\| (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)`
			`+ return(ZZIP_CORRUPTED);`
			`{ return(0); }`
			`} else if ((*tail == 'P') &&`
			`end - tail >=`
			`@@ -338,6 +344,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o`
			`zzip_disk64_trailer_finalentries(orig);`
			`trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);`
			`trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);`
			`+ /*`
			`+ * "extract data from files archived in a single zip file."`
			`+ * So the file offsets must be within the current ZIP archive!`
			`+ */`
			`+ if (trailer->zz_rootseek >= filesize \|\| (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)`
			`+ return(ZZIP_CORRUPTED);`
			`{ return(0); }`
			`# endif`
			`}`
			`Index: zziplib-0.13.67/bins/unzzipcat-zip.c`
			`===================================================================`
			`--- zziplib-0.13.67.orig/bins/unzzipcat-zip.c`
			`+++ zziplib-0.13.67/bins/unzzipcat-zip.c`
			`@@ -78,7 +78,7 @@ static int unzzip_cat (int argc, char **`

			`disk = zzip_dir_open (argv[1], &error);`
			`if (! disk) {`
			`- perror(argv[1]);`
			`+ fprintf(stderr, "%s: %s\n", argv[1], zzip_strerror(error));`
			`return -1;`
			`}`