Accepting request 576008 from home:jmoellers:branches:devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/576008
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=26

CVE-2018-6542.patch

@@ -0,0 +1,54 @@
+Index: zziplib-0.13.67/zzip/mmapped.c
+===================================================================
+--- zziplib-0.13.67.orig/zzip/mmapped.c
++++ zziplib-0.13.67/zzip/mmapped.c
+@@ -413,16 +413,19 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
+     for (; p >= disk->buffer; p--)
+     {
+         zzip_byte_t *root;      /* (struct zzip_disk_entry*) */
++	zzip_size_t rootsize;	/* Size of root central directory */
++
+         if (zzip_disk_trailer_check_magic(p))
+         {
+             struct zzip_disk_trailer *trailer = (struct zzip_disk_trailer *) p;
+             zzip_size_t rootseek = zzip_disk_trailer_get_rootseek(trailer);
++	    rootsize = zzip_disk_trailer_get_rootsize(trailer);
++
+             root = disk->buffer + rootseek;
+             DBG2("disk rootseek at %lli", (long long)rootseek);
+             if (root > p)
+             {
+                 /* the first disk_entry is after the disk_trailer? can't be! */
+-                zzip_size_t rootsize = zzip_disk_trailer_get_rootsize(trailer);
+                 DBG2("have rootsize at %lli", (long long)rootsize);
+                 if (disk->buffer + rootsize > p)
+                     continue;
+@@ -441,6 +444,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
+                 return 0;
+             }
+             zzip_size_t rootseek = zzip_disk64_trailer_get_rootseek(trailer);
++	    rootsize = zzip_disk64_trailer_get_rootsize(trailer);
+             DBG2("disk64 rootseek at %lli", (long long)rootseek);
+             root = disk->buffer + rootseek;
+             if (root > p)
+@@ -457,7 +461,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
+             errno = EBADMSG;
+             return 0;
+         }
+-	if (root >= disk->endbuf)
++	if (root >= disk->endbuf || (root + rootsize) >= disk->endbuf)
+ 	{
+ 	    DBG1("root behind endbuf should be impossible");
+ 	    errno = EBADMSG;
+Index: zziplib-0.13.67/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.67.orig/zzip/memdisk.c
++++ zziplib-0.13.67/zzip/memdisk.c
+@@ -143,6 +143,7 @@ zzip_mem_disk_load(ZZIP_MEM_DISK * dir,
+         zzip_mem_disk_unload(dir);
+     ___ long count = 0;
+     ___ struct zzip_disk_entry *entry = zzip_disk_findfirst(disk);
++    if (!entry) goto error;
+     for (; entry; entry = zzip_disk_findnext(disk, entry))
+     {
+         ZZIP_MEM_ENTRY *item = zzip_mem_entry_new(disk, entry);

zziplib.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Feb 12 16:14:31 UTC 2018 - josef.moellers@suse.com
+
+- If the size of the central directory is too big, reject
+  the file.
+  Then, if loading the ZIP file fails, display an error message.
+  [CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]
+
 -------------------------------------------------------------------
 Tue Feb  6 14:55:03 UTC 2018 - josef.moellers@suse.com
 

zziplib.spec

@@ -32,6 +32,7 @@ Patch2:         zziplib-largefile.patch
 Patch3:         CVE-2018-6381.patch
 Patch4:         CVE-2018-6484.patch
 Patch5:         CVE-2018-6540.patch
+Patch6:         CVE-2018-6542.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -72,6 +73,7 @@ ZZipLib.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am