diff --git a/CVE-2018-16548.patch b/CVE-2018-16548.patch
new file mode 100644
index 0000000..ceb0966
--- /dev/null
+++ b/CVE-2018-16548.patch
@@ -0,0 +1,41 @@
+Index: zziplib-0.13.69/zzip/zip.c
+===================================================================
+--- zziplib-0.13.69.orig/zzip/zip.c
++++ zziplib-0.13.69/zzip/zip.c
+@@ -477,9 +477,15 @@ __zzip_parse_root_directory(int fd,
+ } else
+ {
+ if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
++ {
++ free(hdr0);
+ return ZZIP_DIR_SEEK;
++ }
+ if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
++ {
++ free(hdr0);
+ return ZZIP_DIR_READ;
++ }
+ d = &dirent;
+ }
+
+@@ -579,11 +585,18 @@ __zzip_parse_root_directory(int fd,
+
+ if (hdr_return)
+ *hdr_return = hdr0;
++ else
++ {
++ /* If it is not assigned to *hdr_return, it will never be free()'d */
++ free(hdr0);
++ }
+ } /* else zero (sane) entries */
++ else
++ free(hdr0);
+ # ifndef ZZIP_ALLOW_MODULO_ENTRIES
+- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
++ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
+ # else
+- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
++ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
+ # endif
+ }
+
diff --git a/zziplib.changes b/zziplib.changes
index 5e107cb..cb9cbe8 100644
--- a/zziplib.changes
+++ b/zziplib.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Sep 7 11:51:45 UTC 2018 - josef.moellers@suse.com
+
+- Avoid memory leak from __zzip_parse_root_directory().
+ Free allocated structure if its address is not passed back.
+ [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]
+
 -------------------------------------------------------------------
 Mon Mar 19 13:57:10 UTC 2018 - josef.moellers@suse.com
diff --git a/zziplib.spec b/zziplib.spec
index 376b3d4..d440a75 100644
--- a/zziplib.spec
+++ b/zziplib.spec
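Review bot: In the second inner hunk of CVE-2018-16548.patch the function can still return ZZIP_CORRUPTED after `*hdr_return = hdr0;` has run, so on an entry-count mismatch the freshly allocated table is handed to the caller together with an error code. Unless every caller releases it on that error path (no caller is visible here), the leak this patch is meant to close stays reachable when the central directory is inconsistent. I would decide the result before transferring ownership and, on mismatch, `free(hdr0);` and store `*hdr_return = NULL;` instead of the pointer. The two new `free(hdr0)` branches also leave `*hdr_return` untouched, so a short comment stating that the out-pointer is written only on hand-over would help callers that do not pre-initialise it. The body of __zzip_parse_root_directory starts and ends outside both inner hunks, so other exits between them are not covered by this review.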
@@ -1,7 +1,7 @@
 #
 # spec file for package zziplib
 #
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,14 +16,13 @@
 #
-%define lname libzzip-0-13
+%define lname libzzip-0-13
 Name: zziplib
 Version: 0.13.69
 Release: 0
 Summary: ZIP Compression Library
-License: LGPL-2.1+
+License: LGPL-2.1-or-later
 Group: Development/Libraries/C and C++
-# License: LGPL-2.1-or-later
 Url: http://zziplib.sourceforge.net
 Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source2: baselibs.conf
@@ -32,6 +31,7 @@ Patch1: zziplib-0.13.62-wronglinking.patch
 Patch2: zziplib-largefile.patch
 Patch3: CVE-2018-7726.patch
 Patch4: CVE-2018-7725.patch
+Patch5: CVE-2018-16548.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
@@ -70,6 +70,7 @@ ZZipLib.
 %patch2
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am