Accepting request 634144 from home:jmoellers:branches:devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/634144 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=37
2018-09-10 07:41:57 +00:00 · 2018-09-10 07:41:57 +00:00 · 3410d55fe0
commit 3410d55fe0
parent a5d7ebe036
3 changed files with 52 additions and 2 deletions
--- a/CVE-2018-16548.patch
+++ b/CVE-2018-16548.patch
@ -0,0 +1,41 @@
+Index: zziplib-0.13.69/zzip/zip.c
+===================================================================
+--- zziplib-0.13.69.orig/zzip/zip.c
+++ zziplib-0.13.69/zzip/zip.c
+@@ -477,9 +477,15 @@ __zzip_parse_root_directory(int fd,
+         } else
+         {
+             if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
+	    {
+	    	free(hdr0);
+                 return ZZIP_DIR_SEEK;
+	    }
+             if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
+	    {
+	    	free(hdr0);
+                 return ZZIP_DIR_READ;
+	    }
+             d = &dirent;
+         }
+ 
+@@ -579,11 +585,18 @@ __zzip_parse_root_directory(int fd,
+ 
+         if (hdr_return)
+             *hdr_return = hdr0;
+	else
+	{
+	    /* If it is not assigned to *hdr_return, it will never be free()'d */
+	    free(hdr0);
+	}
+     }                           /* else zero (sane) entries */
+    else
+        free(hdr0);
+ #  ifndef ZZIP_ALLOW_MODULO_ENTRIES
+-    return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
+    return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  else
+-    return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
+    return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  endif
+ }
+ 
--- a/zziplib.changes
+++ b/zziplib.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Sep  7 11:51:45 UTC 2018 - josef.moellers@suse.com
+
+- Avoid memory leak from __zzip_parse_root_directory().
+  Free allocated structure if its address is not passed back.
+  [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]
+
 -------------------------------------------------------------------
 Mon Mar 19 13:57:10 UTC 2018 - josef.moellers@suse.com

--- a/zziplib.spec
+++ b/zziplib.spec
@ -1,7 +1,7 @@
 #
 # spec file for package zziplib
 #
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -21,9 +21,9 @@ Name:           zziplib
 Version:        0.13.69
 Release:        0
 Summary:        ZIP Compression Library
+# License:        LGPL-2.1-or-later
 License:        LGPL-2.1+
 Group:          Development/Libraries/C and C++
-# License:        LGPL-2.1-or-later
 Url:            http://zziplib.sourceforge.net
 Source0:        https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
@ -32,6 +32,7 @@ Patch1:         zziplib-0.13.62-wronglinking.patch
 Patch2:         zziplib-largefile.patch
 Patch3:         CVE-2018-7726.patch
 Patch4:         CVE-2018-7725.patch
+Patch5:         CVE-2018-16548.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@ -70,6 +71,7 @@ ZZipLib.
 %patch2
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am