Accepting request 634660 from devel:libraries:c_c++

- Avoid memory leak from __zzip_parse_root_directory().
  Free allocated structure if its address is not passed back.
  [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]

OBS-URL: https://build.opensuse.org/request/show/634660
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/zziplib?expand=0&rev=31

CVE-2018-16548.patch

@@ -0,0 +1,41 @@
+Index: zziplib-0.13.69/zzip/zip.c
+===================================================================
+--- zziplib-0.13.69.orig/zzip/zip.c
++++ zziplib-0.13.69/zzip/zip.c
+@@ -477,9 +477,15 @@ __zzip_parse_root_directory(int fd,
+         } else
+         {
+             if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
++	    {
++	    	free(hdr0);
+                 return ZZIP_DIR_SEEK;
++	    }
+             if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
++	    {
++	    	free(hdr0);
+                 return ZZIP_DIR_READ;
++	    }
+             d = &dirent;
+         }
+ 
+@@ -579,11 +585,18 @@ __zzip_parse_root_directory(int fd,
+ 
+         if (hdr_return)
+             *hdr_return = hdr0;
++	else
++	{
++	    /* If it is not assigned to *hdr_return, it will never be free()'d */
++	    free(hdr0);
++	}
+     }                           /* else zero (sane) entries */
++    else
++        free(hdr0);
+ #  ifndef ZZIP_ALLOW_MODULO_ENTRIES
+-    return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
++    return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  else
+-    return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
++    return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  endif
+ }
+ 

zziplib.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Sep  7 11:51:45 UTC 2018 - josef.moellers@suse.com
+
+- Avoid memory leak from __zzip_parse_root_directory().
+  Free allocated structure if its address is not passed back.
+  [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]
+
 -------------------------------------------------------------------
 Mon Mar 19 13:57:10 UTC 2018 - josef.moellers@suse.com
 

zziplib.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package zziplib
 #
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,9 +21,8 @@ Name:           zziplib
 Version:        0.13.69
 Release:        0
 Summary:        ZIP Compression Library
-License:        LGPL-2.1+
+License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
-# License:        LGPL-2.1-or-later
 Url:            http://zziplib.sourceforge.net
 Source0:        https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
@@ -32,6 +31,7 @@ Patch1:         zziplib-0.13.62-wronglinking.patch
 Patch2:         zziplib-largefile.patch
 Patch3:         CVE-2018-7726.patch
 Patch4:         CVE-2018-7725.patch
+Patch5:         CVE-2018-16548.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@@ -70,6 +70,7 @@ ZZipLib.
 %patch2
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am