pool/zziplib
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 576008 from home:jmoellers:branches:devel:libraries:c_c++

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/576008
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=26
This commit is contained in:
Ismail Dönmez 2018-02-13 12:30:53 +00:00 committed by Git OBS Bridge
parent 852e18aefc
commit b1959e22d9
3 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
CVE-2018-6542.patch Normal file
View File

@ -0,0 +1,54 @@
Index: zziplib-0.13.67/zzip/mmapped.c
===================================================================
--- zziplib-0.13.67.orig/zzip/mmapped.c
+++ zziplib-0.13.67/zzip/mmapped.c
@@ -413,16 +413,19 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
for (; p >= disk->buffer; p--)
{
zzip_byte_t *root; /* (struct zzip_disk_entry*) */
+ zzip_size_t rootsize; /* Size of root central directory */
+
if (zzip_disk_trailer_check_magic(p))
{
struct zzip_disk_trailer *trailer = (struct zzip_disk_trailer *) p;
zzip_size_t rootseek = zzip_disk_trailer_get_rootseek(trailer);
+ rootsize = zzip_disk_trailer_get_rootsize(trailer);
+
root = disk->buffer + rootseek;
DBG2("disk rootseek at %lli", (long long)rootseek);
if (root > p)
{
/* the first disk_entry is after the disk_trailer? can't be! */
- zzip_size_t rootsize = zzip_disk_trailer_get_rootsize(trailer);
DBG2("have rootsize at %lli", (long long)rootsize);
if (disk->buffer + rootsize > p)
continue;
@@ -441,6 +444,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
return 0;
}
zzip_size_t rootseek = zzip_disk64_trailer_get_rootseek(trailer);
+ rootsize = zzip_disk64_trailer_get_rootsize(trailer);
DBG2("disk64 rootseek at %lli", (long long)rootseek);
root = disk->buffer + rootseek;
if (root > p)
@@ -457,7 +461,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
errno = EBADMSG;
return 0;
}
- if (root >= disk->endbuf)
+ if (root >= disk->endbuf || (root + rootsize) >= disk->endbuf)
{
DBG1("root behind endbuf should be impossible");
errno = EBADMSG;
Index: zziplib-0.13.67/zzip/memdisk.c
===================================================================
--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
@@ -143,6 +143,7 @@ zzip_mem_disk_load(ZZIP_MEM_DISK * dir,
zzip_mem_disk_unload(dir);
___ long count = 0;
___ struct zzip_disk_entry *entry = zzip_disk_findfirst(disk);
+ if (!entry) goto error;
for (; entry; entry = zzip_disk_findnext(disk, entry))
{
ZZIP_MEM_ENTRY *item = zzip_mem_entry_new(disk, entry);

8
zziplib.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Feb 12 16:14:31 UTC 2018 - josef.moellers@suse.com
- If the size of the central directory is too big, reject
the file.
Then, if loading the ZIP file fails, display an error message.
[CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 6 14:55:03 UTC 2018 - josef.moellers@suse.com Tue Feb 6 14:55:03 UTC 2018 - josef.moellers@suse.com

2
zziplib.spec
View File

@ -32,6 +32,7 @@ Patch2: zziplib-largefile.patch
Patch3: CVE-2018-6381.patch Patch3: CVE-2018-6381.patch
Patch4: CVE-2018-6484.patch Patch4: CVE-2018-6484.patch
Patch5: CVE-2018-6540.patch Patch5: CVE-2018-6540.patch
Patch6: CVE-2018-6542.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: fdupes BuildRequires: fdupes
@ -72,6 +73,7 @@ ZZipLib.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
# do not bother with html docs saving us python2 dependency # do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am sed -i -e 's:docs ::g' Makefile.am